[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič mitjaka at cde.si
Wed Jan 9 04:50:10 CST 2013


I understand. But how then can the config setting dtlscipher work?
In the default config it is stated:
dtlscipher = <SSL cipher string>   ; Cipher to use for TLS negotiation
                                   ; A list of valid SSL cipher strings can be found at:
                                   ; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
In the list, SHA256 is also listed.

But in the chan_sip.c code, in the method "process_sdp_a_dtls", only "sha-1" is supported when reading the SDP; there could be an issue coming from this. In the end there will be different types of fingerprint for sure; Google talks something about SHA-224. There should be more/all encryptions supported.

Regards M


-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Joshua Colp
Sent: Tuesday, January 08, 2013 1:52 PM
To: Asterisk Developers Mailing List
Subject: Re: [asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Mitja Kaučič wrote:
> I have a problem with the offer SDP that Firefox nightly generates. It writes out the following error on Asterisk:
>
> WARNING[25424][C-00000004]: chan_sip.c:10936 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '2457893540'
> SDP:
> v=0
> o=Mozilla-SIPUA 14911 0 IN IP4 xxx
> s=SIP Call
> t=0 0
> a=ice-ufrag:de2f016f
> a=ice-pwd:5f6c1d1e785108256c0e9e94d2a5ee78
> a=fingerprint:sha-256 B4:C6:2A:9E:3E:C9:BD:92:13:D3:20:4A:07:B2:BB:9E:27:18:7F:B8:77:70:1D:76:49:A0:40:0F:66:1C:DD:96
> m=audio 60273 RTP/SAVPF 109 0 8 101
> c=IN IP4 xxx
> a=rtpmap:109 opus/48000/2
> a=ptime:20
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
>
> After inspecting the code in chan_sip.c, method "process_sdp_a_dtls", it looks like only sha-1 is supported, but Firefox uses sha-256:
> if (!strcasecmp(hash, "sha-1")) {
>         dtls->set_fingerprint(instance, AST_RTP_DTLS_HASH_SHA1, value);
> } else {
>         ast_log(LOG_WARNING, "Unsupported fingerprint hash type '%s' received on dialog '%s'\n", hash, p->callid);
> }
>
> Is there support for sha-256 in Asterisk, and is there a plan for it to be supported, and when?

There's no current issue for doing this, so no plan to. The SDP above is
also weird... the fingerprint is used for DTLS-SRTP but the SDP doesn't
show DTLS-SRTP.

--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org
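
Added example, not part of the thread and not Asterisk code: a stand-alone C parser for the value of an SDP "a=fingerprint:" attribute that accepts every hash name listed in RFC 4572 and rejects a fingerprint whose length does not match the named hash. The function name parse_fingerprint and the table fp_hashes are hypothetical, and accepting lowercase hex digits is a leniency assumed here.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hash names from RFC 4572 section 5 with their digest sizes in bytes. */
static const struct { const char *name; size_t len; } fp_hashes[] = {
    { "sha-1", 20 }, { "sha-224", 28 }, { "sha-256", 32 },
    { "sha-384", 48 }, { "sha-512", 64 }, { "md5", 16 }, { "md2", 16 },
};
#define NHASH (sizeof(fp_hashes) / sizeof(fp_hashes[0]))

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper((unsigned char)c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Parse "<hash-name> XX:XX:...:XX" (hypothetical helper). Returns the digest
 * length in bytes and fills out[], or -1 if the hash name is unknown, the hex
 * is malformed, or the byte count does not match the named hash. */
int parse_fingerprint(const char *attr, unsigned char *out, size_t outsz)
{
    const char *sp = strchr(attr, ' ');
    size_t i, n = 0, namelen;

    if (!sp) return -1;
    namelen = (size_t)(sp - attr);          /* compare the whole token, not a prefix */
    for (i = 0; i < NHASH; i++)
        if (strlen(fp_hashes[i].name) == namelen &&
            !strncasecmp(attr, fp_hashes[i].name, namelen))
            break;
    if (i == NHASH || fp_hashes[i].len > outsz)
        return -1;
    for (sp++; ; sp += 3) {
        int hi = hexval(sp[0]), lo = hi < 0 ? -1 : hexval(sp[1]);
        if (lo < 0 || n == fp_hashes[i].len) return -1;  /* bad hex or too long */
        out[n++] = (unsigned char)(hi << 4 | lo);
        if (sp[2] == '\0') break;
        if (sp[2] != ':') return -1;
    }
    return n == fp_hashes[i].len ? (int)n : -1;          /* too short is rejected */
}
```

The returned bytes are what a DTLS-SRTP endpoint would compare against the digest of the peer certificate computed with the same hash.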
