[asterisk-users] Ast 13.10 to 13.11 stop working webrtc
Sebastian
scgm11 at gmail.com
Thu Oct 6 10:07:45 CDT 2016
the issue is with chan_sip not on rtp I will check wich commit break this
and fill an issue.
El mié., 5 de oct. de 2016 a la(s) 17:41, Sebastian <scgm11 at gmail.com>
escribió:
> From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop
> working, failing with
>
> chan_sip.c:4083 retrans_pkt: Hanging up call
> 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our
> critical packet (see
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).
>
>
> is there any way to configure to have the previous behaviour?
> Im trying to set dtlscipher=AES128-SHA but I always see
>
> DTLS ECDH initialized (automatic), faster PFS enabled
>
> any idea?
>
> Thanks!
> res_rtp_asterisk
> ------------------
> * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).
> Enabling PFS is attempted by default, and is dependent on the configuration
> of the module using TLS.
> - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
> specify a ECDHE cipher suite in sip.conf, for example:
> dtlscipher=AES128-SHA
> - Ephemeral DH (DHE) is disabled by default. To enable it, add DH
> parameters
> into the private key file, e.g., sip.conf dtlsprivatekey. For example:
> openssl dhparam -out ./dh.pem 2048
> - Because clients expect the server to prefer PFS, and because OpenSSL
> sorts
>
> its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
> Consider re-ordering your cipher suites in the respective configuration
> file. For example:
> dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
> which forces PFS and requires at least DTLS 1.2.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20161006/57f7444d/attachment.html>
More information about the asterisk-users
mailing list