<div dir="ltr">the issue is with chan_sip not on rtp I will check wich commit break this and fill an issue.<div><br></div></div><br><div class="gmail_quote"><div dir="ltr">El mié., 5 de oct. de 2016 a la(s) 17:41, Sebastian <<a href="mailto:scgm11@gmail.com">scgm11@gmail.com</a>> escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg"><p style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)" class="gmail_msg"><span style="font-variant-ligatures:no-common-ligatures" class="gmail_msg">chan_sip.c:4083 retrans_pkt: Hanging up call <a href="http://7238b48c11581d4166b899bf747a05f7@130.211.62.184:0" class="gmail_msg" target="_blank">7238b48c11581d4166b899bf747a05f7@130.211.62.184:0</a> - no reply to our critical packet (see <a href="https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions" class="gmail_msg" target="_blank">https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions</a>).</span></p><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">is there any way to configure to have the previous behaviour?</div><div class="gmail_msg">Im trying to set dtlscipher=AES128-SHA but I always see </div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">DTLS ECDH initialized (automatic), faster PFS enabled</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">any idea? </div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Thanks!<br class="gmail_msg"><div class="gmail_msg"><table class="m_3610173456514738587inbox-inbox-highlight m_3610173456514738587inbox-inbox-tab-size m_3610173456514738587inbox-inbox-js-file-line-container gmail_msg" style="box-sizing:border-box;border-collapse:collapse;color:rgb(51,51,51);font-family:-apple-system,blinkmacsystemfont,'segoe ui',roboto,helvetica,arial,sans-serif,'apple color emoji','segoe ui emoji','segoe ui symbol';font-size:14px;font-variant-ligatures:normal"><tbody style="box-sizing:border-box" class="gmail_msg"><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-LC497" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap">res_rtp_asterisk</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L498" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC498" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap">------------------</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L499" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC499" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L500" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC500" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> Enabling PFS is attempted by default, and is dependent on the configuration</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L501" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC501" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> of the module using TLS.</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L502" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC502" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L503" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC503" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> specify a ECDHE cipher suite in sip.conf, for example:</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L504" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC504" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> dtlscipher=AES128-SHA</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L505" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC505" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L506" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC506" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> into the private key file, e.g., sip.conf dtlsprivatekey. For example:</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L507" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC507" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> openssl dhparam -out ./dh.pem 2048</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L508" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC508" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> - Because clients expect the server to prefer PFS, and because OpenSSL sorts</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L509" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"><br class="gmail_msg"></td><td id="m_3610173456514738587inbox-inbox-LC509" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L510" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC510" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> Consider re-ordering your cipher suites in the respective configuration</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L511" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC511" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> file. For example:</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L512" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC512" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256</td></tr><tr style="box-sizing:border-box" class="gmail_msg"><td id="m_3610173456514738587inbox-inbox-L513" class="m_3610173456514738587inbox-inbox-blob-num m_3610173456514738587inbox-inbox-js-line-number gmail_msg" style="box-sizing:border-box;padding:0px 10px;width:50px;min-width:50px;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;line-height:20px;color:rgba(0,0,0,0.298039);text-align:right;white-space:nowrap;vertical-align:top;border-style:solid;border-color:rgb(238,238,238);border-width:0px 1px 0px 0px"></td><td id="m_3610173456514738587inbox-inbox-LC513" class="m_3610173456514738587inbox-inbox-blob-code m_3610173456514738587inbox-inbox-blob-code-inner m_3610173456514738587inbox-inbox-js-file-line gmail_msg" style="box-sizing:border-box;padding:0px 10px;line-height:20px;vertical-align:top;overflow:visible;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:12px;word-wrap:normal;white-space:pre-wrap"> which forces PFS and requires at least DTLS 1.2.
</td></tr></tbody></table></div></div></div></div></blockquote></div>