[asterisk-users] Ast 13.10 to 13.11 stop working webrtc

Sebastian scgm11 at gmail.com
Wed Oct 5 15:41:15 CDT 2016


From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stopped
working, failing with

chan_sip.c:4083 retrans_pkt: Hanging up call
7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our
critical packet (see
https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).


Is there any way to configure to have the previous behaviour?
I'm trying to set dtlscipher=AES128-SHA but I always see

DTLS ECDH initialized (automatic), faster PFS enabled

Any idea?

Thanks!

res_rtp_asterisk
------------------
 * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).
   Enabling PFS is attempted by default, and is dependent on the configuration
   of the module using TLS.
   - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
     specify a ECDHE cipher suite in sip.conf, for example:
       dtlscipher=AES128-SHA
   - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
     into the private key file, e.g., sip.conf dtlsprivatekey. For example:
       openssl dhparam -out ./dh.pem 2048
   - Because clients expect the server to prefer PFS, and because OpenSSL sorts
     its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
     Consider re-ordering your cipher suites in the respective configuration
     file. For example:
       dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
     which forces PFS and requires at least DTLS 1.2.
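
The following is an added example, not part of the original post or of Asterisk: a small Python audit that reads sip.conf text and reports, per section, whether the dtlscipher list contains only ECDHE/DHE suites, mixes them with others, or lists none, as the changelog excerpt above describes. The section names in the sample and the verdict labels are constructed for illustration, and the check only reads the configured names; it does not show what a given Asterisk build negotiates.

```python
import re

# Name prefixes of OpenSSL suites with authenticated ephemeral key exchange.
PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")
# An explicit suite name such as AES128-SHA: hyphen-joined upper-case parts.
SUITE_NAME = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)+$")

def classify_suite(token):
    """Return 'pfs', 'other' or 'keyword' for one element of a cipher string."""
    if not SUITE_NAME.match(token):
        return "keyword"  # DEFAULT, HIGH, !aNULL ...: expand with `openssl ciphers -v`
    # Static RSA/ECDH and anonymous ADH/AECDH suites all count as 'other'.
    return "pfs" if token.startswith(PFS_PREFIXES) else "other"

def audit_dtlscipher(conf_text):
    """Map each sip.conf section that sets dtlscipher to a verdict label."""
    results, section = {}, "general"
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "dtlscipher":
            continue
        value = value.lstrip(">").strip()           # accept 'key => value' too
        kinds = [classify_suite(t) for t in re.split(r"[:, ]+", value) if t]
        if not kinds or "keyword" in kinds:
            results[section] = "unknown"            # cannot decide from names alone
        elif all(k == "pfs" for k in kinds):
            results[section] = "pfs-only"
        elif "pfs" in kinds:
            results[section] = "pfs-optional"
        else:
            results[section] = "no-pfs"
    return results

# Constructed sample; only the dtlscipher values come from the post above.
SAMPLE_SIP_CONF = """\
[general]
dtlscipher=AES128-SHA            ; no ECDHE suite listed
[webrtc-a]
dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
[webrtc-b]
dtlscipher=ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA
[webrtc-c]
dtlscipher=DEFAULT
"""

if __name__ == "__main__":
    for name, verdict in audit_dtlscipher(SAMPLE_SIP_CONF).items():
        print(f"[{name}] {verdict}")
```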