[asterisk-users] WSS over Asterisk

Marco Signorini marcotasto at libero.it
Thu Jun 12 02:12:47 CDT 2014


Hi

I tested yesterday the SIPML5 fix and I can confirm it works as expected 
with Asterisk 12 SVN-trunk-r415192 using chan_sip and no DTLS enabled.
Tested with Chrome 35.0.1916.153m.
The patch is targeted to Chrome. Firefox still be unable to handle calls 
in my setup.

In my tests I've found some asterisk exceptions when SIMPL5 is used from 
Chrome with the provided patch AND DTLS is configured for the peer in 
sip.conf AND certificates are installed in Chrome. I suppose this is 
something work in progress so I'm not worried about it.

I can also confirm the problem with wss where the SIPML5 seems not able 
to connect to the asterisk box.

Thank you and best regards,
Marco Signorini.



On 06/12/2014 03:21 AM, Steve Ng wrote:
> I am using Asterisk v12.3.
>
> As far as DTLS, I understand that applying the following Javascript 
> will temporarily fix for SIPML5 to Asterisk: 
> https://gist.github.com/steve-ng/14b9b88af43f92db1e46
>
> WS works for me, its just wss which I'm stuck currently.
>
>
> On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina 
> <mfmolina-listas at millenium.com.co 
> <mailto:mfmolina-listas at millenium.com.co>> wrote:
>
>     El 11/06/2014 1:52 p. m., Matthew Jordan escribió:
>>
>>
>>
>>     On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington
>>     <will at willwh.com <mailto:will at willwh.com>> wrote:
>>
>>         Chrome 35 broke all of this.... you need to be using DTLS now
>>         I believe.
>>
>>         I had working secure web sockets with asterisk 12.2.x and
>>         chrome 34.... and then google broke eveything :)
>>
>>         I have not yet got around to test out DTLS etc. with chrome 35
>>
>>         Just so I don't waste too much time when I go to test, does
>>         anyone know if all that's required for DTLS on the asterisk
>>         side is the following in sip.conf?
>>
>>         dtlsenable=yes
>>         dtlsverify=yes
>>         dtlsrekey=60
>>         dtlscafile=/usr/local/share/ca-certificates/myCA.crt
>>         dtlscertfile=/etc/ssl/mycert.com.pem
>>         dtlssetup=actpass
>>
>>         I assume I also need TLS configs in http.conf
>>
>>
>>     Signalling is independent of the media; DTLS only affects the media.
>>
>>     However, there are known issues with Chrome's negotiation of DTLS
>>     and Asterisk - see
>>     https://issues.asterisk.org/jira/browse/ASTERISK-22961
>>
>>
>>     -- 
>>     Matthew Jordan
>>     Digium, Inc. | Engineering Manager
>>     445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
>>     Check us out at: http://digium.com & http://asterisk.org
>>
>>
>     It is broken in Chrome (firefox never had SDES) because the WebRTC
>     standard favoured the DTLS SRTP implementation instead of the SDES
>     one. The thing is that although Asterisk supports DTLS
>     implementation, it only supports SHA-1 hashing but both Firefox
>     and Chrome work with SHA-256. The patch proposed in ASTERISK-22961
>     is an effort to solve this issue.
>
>     Best regards
>
>     --
>     _____________________________________________________________________
>     -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>     New to Asterisk? Join us for a live introductory webinar every Thurs:
>     http://www.asterisk.org/hello
>
>     asterisk-users mailing list
>     To UNSUBSCRIBE or update options visit:
>     http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140612/2de14798/attachment-0001.html>


More information about the asterisk-users mailing list