[asterisk-users] WSS over Asterisk

Miguel Molina mfmolina-listas at millenium.com.co
Wed Jun 11 15:37:35 CDT 2014

El 11/06/2014 1:52 p. m., Matthew Jordan escribió:
> On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <will at willwh.com 
> <mailto:will at willwh.com>> wrote:
>     Chrome 35 broke all of this.... you need to be using DTLS now I
>     believe.
>     I had working secure web sockets with asterisk 12.2.x and chrome
>     34.... and then google broke eveything :)
>     I have not yet got around to test out DTLS etc. with chrome 35
>     Just so I don't waste too much time when I go to test, does anyone
>     know if all that's required for DTLS on the asterisk side is the
>     following in sip.conf?
>     dtlsenable=yes
>     dtlsverify=yes
>     dtlsrekey=60
>     dtlscafile=/usr/local/share/ca-certificates/myCA.crt
>     dtlscertfile=/etc/ssl/mycert.com.pem
>     dtlssetup=actpass
>     I assume I also need TLS configs in http.conf
> Signalling is independent of the media; DTLS only affects the media.
> However, there are known issues with Chrome's negotiation of DTLS and 
> Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961
> -- 
> Matthew Jordan
> Digium, Inc. | Engineering Manager
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at: http://digium.com & http://asterisk.org
It is broken in Chrome (firefox never had SDES) because the WebRTC 
standard favoured the DTLS SRTP implementation instead of the SDES one. 
The thing is that although Asterisk supports DTLS implementation, it 
only supports SHA-1 hashing but both Firefox and Chrome work with 
SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this 

Best regards

Este mensaje y sus anexos son para uso exclusivo de sus destinatarios y puede
contener informacion confidencial y/o privada protegida legalmente. Si usted 
no es el destinatario, se le notifica que cualquier distribucion o reproduccion
de este mensaje, o de cualquiera de sus anexos, esta estrictamente prohibida. 
Si usted ha recibido este mensaje por error, por favor notifiquenos inmediatamente
y elimine su texto original, incluidos los anexos y destruya cualquier reproduccion
del mismo. Las opiniones expresadas en este mensaje son responsabilidad exclusiva
de quien las emite y no necesariamente reflejan la posicion de Millenium Phone 
Center S.A, ni comprometen la responsabilidad institucional por el uso que el 
destinatario haga de las mismas. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140611/177df1d8/attachment.html>

More information about the asterisk-users mailing list