<div dir="ltr">I am using Asterisk v12.3. <div><br></div><div>As far as DTLS, I understand that applying the following Javascript will temporarily fix for SIPML5 to Asterisk: <a href="https://gist.github.com/steve-ng/14b9b88af43f92db1e46">https://gist.github.com/steve-ng/14b9b88af43f92db1e46</a></div>
<div><br></div><div>WS works for me, its just wss which I'm stuck currently. </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina <span dir="ltr"><<a href="mailto:mfmolina-listas@millenium.com.co" target="_blank">mfmolina-listas@millenium.com.co</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>El 11/06/2014 1:52 p. m., Matthew
Jordan escribió:<br>
</div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Jun 11, 2014 at 1:32 PM,
William Hetherington <span dir="ltr"><<a href="mailto:will@willwh.com" target="_blank">will@willwh.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Chrome 35 broke all of this.... you need to
be using DTLS now I believe.
<div><br>
</div>
<div>I had working secure web sockets with asterisk
12.2.x and chrome 34.... and then google broke
eveything :)</div>
<div>
<br>
</div>
<div>I have not yet got around to test out DTLS etc.
with chrome 35</div>
<div><br>
</div>
<div>Just so I don't waste too much time when I go to
test, does anyone know if all that's required for DTLS
on the asterisk side is the following in sip.conf?</div>
<div><br>
</div>
<div>
<div>dtlsenable=yes</div>
<div>dtlsverify=yes</div>
<div>dtlsrekey=60</div>
<div>dtlscafile=/usr/local/share/ca-certificates/myCA.crt</div>
<div>dtlscertfile=/etc/ssl/mycert.com.pem</div>
<div>dtlssetup=actpass</div>
</div>
<div><br>
</div>
<div>I assume I also need TLS configs in http.conf</div>
</div>
<div class="gmail_extra"><br clear="all">
</div>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">Signalling is independent of the media;
DTLS only affects the media.<br>
<br>
However, there are known issues with Chrome's negotiation of
DTLS and Asterisk - see <a href="https://issues.asterisk.org/jira/browse/ASTERISK-22961" target="_blank">https://issues.asterisk.org/jira/browse/ASTERISK-22961</a><br>
<br>
</div>
<div class="gmail_extra"><br>
-- <br>
<div dir="ltr">
<div>Matthew Jordan<br>
</div>
<div>Digium, Inc. | Engineering Manager</div>
<div>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA</div>
<div>Check us out at: <a href="http://digium.com" target="_blank">http://digium.com</a>
& <a href="http://asterisk.org" target="_blank">http://asterisk.org</a></div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote></div></div>
It is broken in Chrome (firefox never had SDES) because the WebRTC
standard favoured the DTLS SRTP implementation instead of the SDES
one. The thing is that although Asterisk supports DTLS
implementation, it only supports SHA-1 hashing but both Firefox and
Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an
effort to solve this issue.<br>
<br>
Best regards<br>
</div>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br></div>