<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 11/06/2014 1:52 p.m., Matthew
      Jordan wrote:<br>
</div>
<blockquote
cite="mid:CAN2PU+5iHi0_tFgpg=7jXPr2BSWa68Q9n3smA-fnR-XNr+hLJg@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Jun 11, 2014 at 1:32 PM,
            William Hetherington <span dir="ltr">&lt;<a
                moz-do-not-send="true" href="mailto:will@willwh.com"
                target="_blank">will@willwh.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Chrome 35 broke all of this.... you need to
be using DTLS now I believe.
<div><br>
</div>
              <div>I had working secure web sockets with Asterisk
                12.2.x and Chrome 34.... and then Google broke
                everything :)</div>
<div>
<br>
</div>
              <div>I have not yet got around to testing DTLS etc.
                with Chrome 35</div>
<div><br>
</div>
              <div>Just so I don't waste too much time when I go to
                test, does anyone know if all that's required for DTLS
                on the Asterisk side is the following in sip.conf?</div>
<div><br>
</div>
<div>
<div>dtlsenable=yes</div>
<div>dtlsverify=yes</div>
<div>dtlsrekey=60</div>
<div>dtlscafile=/usr/local/share/ca-certificates/myCA.crt</div>
<div>dtlscertfile=/etc/ssl/mycert.com.pem</div>
<div>dtlssetup=actpass</div>
</div>
<div><br>
</div>
<div>I assume I also need TLS configs in http.conf</div>
</div>
<div class="gmail_extra"><br clear="all">
</div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">Signalling is independent of the media;
DTLS only affects the media.<br>
<br>
However, there are known issues with Chrome's negotiation of
DTLS and Asterisk - see <a moz-do-not-send="true"
href="https://issues.asterisk.org/jira/browse/ASTERISK-22961">https://issues.asterisk.org/jira/browse/ASTERISK-22961</a><br>
<br>
</div>
<div class="gmail_extra"><br>
-- <br>
<div dir="ltr">
<div>Matthew Jordan<br>
</div>
<div>Digium, Inc. | Engineering Manager</div>
<div>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA</div>
<div>Check us out at: <a moz-do-not-send="true"
href="http://digium.com" target="_blank">http://digium.com</a>
              &amp; <a moz-do-not-send="true"
href="http://asterisk.org" target="_blank">http://asterisk.org</a></div>
</div>
</div>
</div>
<br>
<br>
</blockquote>
    It is broken in Chrome (Firefox never had SDES) because the WebRTC
    standard favoured the DTLS SRTP implementation instead of the SDES
    one. The thing is that although Asterisk supports the DTLS
    implementation, it only supports SHA-1 hashing, but both Firefox and
    Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an
    effort to solve this issue.<br>
<br>
Best regards<br>
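    <br>
    The hash mismatch discussed in this thread, as an added example (not from the thread, the patch or Asterisk's code): it checks the a=fingerprint line of an SDP offer against a peer certificate and shows what an endpoint limited to SHA-1 sees when the offer carries only SHA-256. The function names, the sample offer and the stand-in certificate bytes are constructed for illustration.<br>

```python
import hashlib

# SDP hash-function names (RFC 4572) mapped to hashlib algorithm names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256"}


def fingerprint(cert_der: bytes, hash_func: str) -> str:
    """Format a certificate digest the way an a=fingerprint line carries it."""
    digest = hashlib.new(HASHES[hash_func], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def parse_fingerprints(sdp: str):
    """Return [(hash_func, hex_value)] for every a=fingerprint line."""
    out = []
    for line in sdp.splitlines():
        if line.lower().startswith("a=fingerprint:"):
            func, _, value = line.split(":", 1)[1].strip().partition(" ")
            out.append((func.lower(), value.strip().upper()))
    return out


def check_offer(sdp: str, cert_der: bytes, supported) -> str:
    """Classify an offer as seen by an endpoint that can only compute the
    hash functions in `supported`."""
    fps = parse_fingerprints(sdp)
    if not fps:
        return "no-fingerprint"
    usable = [(f, v) for f, v in fps if f in supported and f in HASHES]
    if not usable:
        # Nothing the endpoint can verify: the DTLS-SRTP media cannot be
        # bound to the signalling, so the call should not proceed.
        return "unsupported-hash"
    ok = all(fingerprint(cert_der, f) == v for f, v in usable)
    return "match" if ok else "mismatch"


# Constructed sample: stand-in bytes, not a real DER certificate.
PEER_CERT = b"constructed-der-certificate-bytes"
OFFER = "\r\n".join([
    "v=0",
    "m=audio 9 RTP/SAVPF 0",
    "a=setup:actpass",
    "a=fingerprint:sha-256 " + fingerprint(PEER_CERT, "sha-256"),
])

if __name__ == "__main__":
    print("SHA-1 only endpoint:   ", check_offer(OFFER, PEER_CERT, {"sha-1"}))
    print("SHA-1 + SHA-256 endpoint:", check_offer(OFFER, PEER_CERT, {"sha-1", "sha-256"}))
```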
</body>
</html>