[asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256

Joshua Colp jcolp at digium.com
Wed Jan 9 06:28:18 CST 2013

Mitja Kaučič wrote:
> I understand. But how can then the config setting dtlscipher work. In
> default config there is stated: dtlscipher =<SSL cipher string>    ;
> Cipher to use for TLS negotiation;
> ; A list of valid SSL cipher strings can be found at:
> http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS in the
> list SHA256 is also listed.

That's because we use OpenSSL for DTLS support. Whatever your OpenSSL is 
built with is supported.

> But in the  Chan_sip.c code methode "process_sdp_a_dtls" only "sha-1"
> is supported on reading the SDP, there could be issue coming from
> this. In the end there will be diffrend types of fingerprint for
> sure, gogole talks something about SHA-224. There shuld be more/all
> encryptions supported.

Sure. Like I've said once stuff stabilizes then it can be revisited. 
Just a clarification though - the fingerprint isn't used for encryption. 
It's for verification purposes.

Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org

More information about the asterisk-dev mailing list