<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi <br>
<br>
I tested yesterday the SIPML5 fix and I can confirm it works as
expected with Asterisk 12 SVN-trunk-r415192 using chan_sip and no
DTLS enabled.<br>
Tested with Chrome 35.0.1916.153m.<br>
The patch is targeted to Chrome. Firefox still be unable to handle
calls in my setup.<br>
<br>
In my tests I've found some asterisk exceptions when SIMPL5 is
used from Chrome with the provided patch AND DTLS is configured
for the peer in sip.conf AND certificates are installed in Chrome.
I suppose this is something work in progress so I'm not worried
about it.<br>
<br>
I can also confirm the problem with wss where the SIPML5 seems not
able to connect to the asterisk box.<br>
<br>
Thank you and best regards,<br>
Marco Signorini.<br>
<br>
<br>
<br>
On 06/12/2014 03:21 AM, Steve Ng wrote:<br>
</div>
<blockquote
cite="mid:CA+GcH0g9dAJyz9N4KDsqnY-D+FwCovwXT0hpgvYHvFNC_wLfMA@mail.gmail.com"
type="cite">
<div dir="ltr">I am using Asterisk v12.3.
<div><br>
</div>
<div>As far as DTLS, I understand that applying the following
Javascript will temporarily fix for SIPML5 to Asterisk: <a
moz-do-not-send="true"
href="https://gist.github.com/steve-ng/14b9b88af43f92db1e46">https://gist.github.com/steve-ng/14b9b88af43f92db1e46</a></div>
<div><br>
</div>
<div>WS works for me, its just wss which I'm stuck currently. </div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Jun 12, 2014 at 4:37 AM, Miguel
Molina <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mfmolina-listas@millenium.com.co"
target="_blank">mfmolina-listas@millenium.com.co</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>El 11/06/2014 1:52 p. m., Matthew Jordan escribió:<br>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Jun 11, 2014 at
1:32 PM, William Hetherington <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:will@willwh.com"
target="_blank">will@willwh.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Chrome 35 broke all of
this.... you need to be using DTLS now I
believe.
<div><br>
</div>
<div>I had working secure web sockets with
asterisk 12.2.x and chrome 34.... and
then google broke eveything :)</div>
<div> <br>
</div>
<div>I have not yet got around to test out
DTLS etc. with chrome 35</div>
<div><br>
</div>
<div>Just so I don't waste too much time
when I go to test, does anyone know if
all that's required for DTLS on the
asterisk side is the following in
sip.conf?</div>
<div><br>
</div>
<div>
<div>dtlsenable=yes</div>
<div>dtlsverify=yes</div>
<div>dtlsrekey=60</div>
<div>dtlscafile=/usr/local/share/ca-certificates/myCA.crt</div>
<div>dtlscertfile=/etc/ssl/mycert.com.pem</div>
<div>dtlssetup=actpass</div>
</div>
<div><br>
</div>
<div>I assume I also need TLS configs in
http.conf</div>
</div>
<div class="gmail_extra"><br clear="all">
</div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">Signalling is independent
of the media; DTLS only affects the media.<br>
<br>
However, there are known issues with Chrome's
negotiation of DTLS and Asterisk - see <a
moz-do-not-send="true"
href="https://issues.asterisk.org/jira/browse/ASTERISK-22961"
target="_blank">https://issues.asterisk.org/jira/browse/ASTERISK-22961</a><br>
<br>
</div>
<div class="gmail_extra"><br>
-- <br>
<div dir="ltr">
<div>Matthew Jordan<br>
</div>
<div>Digium, Inc. | Engineering Manager</div>
<div>445 Jan Davis Drive NW - Huntsville, AL
35806 - USA</div>
<div>Check us out at: <a
moz-do-not-send="true"
href="http://digium.com" target="_blank">http://digium.com</a>
& <a moz-do-not-send="true"
href="http://asterisk.org" target="_blank">http://asterisk.org</a></div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
</div>
It is broken in Chrome (firefox never had SDES) because
the WebRTC standard favoured the DTLS SRTP implementation
instead of the SDES one. The thing is that although
Asterisk supports DTLS implementation, it only supports
SHA-1 hashing but both Firefox and Chrome work with
SHA-256. The patch proposed in ASTERISK-22961 is an effort
to solve this issue.<br>
<br>
Best regards<br>
</div>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
moz-do-not-send="true" href="http://www.api-digital.com"
target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar
every Thurs:<br>
<a moz-do-not-send="true"
href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a moz-do-not-send="true"
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>