<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 11/06/2014 1:52 p.m., Matthew
      Jordan wrote:<br>
    </div>
    <blockquote
cite="mid:CAN2PU+5iHi0_tFgpg=7jXPr2BSWa68Q9n3smA-fnR-XNr+hLJg@mail.gmail.com"
      type="cite">
      <div dir="ltr"><br>
        <div class="gmail_extra"><br>
          <br>
          <div class="gmail_quote">On Wed, Jun 11, 2014 at 1:32 PM,
            William Hetherington <span dir="ltr">&lt;<a
                moz-do-not-send="true" href="mailto:will@willwh.com"
                target="_blank">will@willwh.com</a>&gt;</span> wrote:<br>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div dir="ltr">Chrome 35 broke all of this.... you need to
                be using DTLS now I believe.
                <div><br>
                </div>
                <div>I had working secure web sockets with Asterisk
                  12.2.x and Chrome 34.... and then Google broke
                  everything :)</div>
                <div>
                  <br>
                </div>
                <div>I have not yet got around to testing out DTLS etc.
                  with Chrome 35</div>
                <div><br>
                </div>
                <div>Just so I don't waste too much time when I go to
                  test, does anyone know if all that's required for DTLS
                  on the asterisk side is the following in sip.conf?</div>
                <div><br>
                </div>
                <div>
                  <div>dtlsenable=yes</div>
                  <div>dtlsverify=yes</div>
                  <div>dtlsrekey=60</div>
                  <div>dtlscafile=/usr/local/share/ca-certificates/myCA.crt</div>
                  <div>dtlscertfile=/etc/ssl/mycert.com.pem</div>
                  <div>dtlssetup=actpass</div>
                </div>
                <div><br>
                </div>
                <div>I assume I also need TLS configs in http.conf</div>
              </div>
              <div class="gmail_extra"><br clear="all">
              </div>
            </blockquote>
          </div>
          <br>
        </div>
        <div class="gmail_extra">Signalling is independent of the media;
          DTLS only affects the media.<br>
          <br>
          However, there are known issues with Chrome's negotiation of
          DTLS and Asterisk - see <a moz-do-not-send="true"
            href="https://issues.asterisk.org/jira/browse/ASTERISK-22961">https://issues.asterisk.org/jira/browse/ASTERISK-22961</a><br>
          <br>
        </div>
        <div class="gmail_extra"><br>
          -- <br>
          <div dir="ltr">
            <div>Matthew Jordan<br>
            </div>
            <div>Digium, Inc. | Engineering Manager</div>
            <div>445 Jan Davis Drive NW - Huntsville, AL 35806 - USA</div>
            <div>Check us out at: <a moz-do-not-send="true"
                href="http://digium.com" target="_blank">http://digium.com</a>
              &amp; <a moz-do-not-send="true"
                href="http://asterisk.org" target="_blank">http://asterisk.org</a></div>
          </div>
        </div>
      </div>
      <br>
      <br>
    </blockquote>
    It is broken in Chrome (Firefox never had SDES) because the WebRTC
    standard favoured the DTLS SRTP implementation instead of the SDES
    one. The thing is that although Asterisk supports the DTLS
    implementation, it only supports SHA-1 hashing but both Firefox and
    Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an
    effort to solve this issue.<br>
    <br>
    Best regards<br>
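    <p>Added example, not part of the original messages and not Asterisk
      code: a simplified check of the SDP <code>a=fingerprint</code>
      attribute showing how a SHA-1-only verifier fails on a SHA-256 offer,
      as described in the reply above. The certificate bytes, the offer and
      all function names are constructed for illustration.</p>
<pre>
```python
import hashlib

# SDP hash names used in a=fingerprint, mapped to hashlib names.
SDP_HASHES = {"sha-1": "sha1", "sha-256": "sha256"}

def sdp_fingerprint(cert_der, sdp_hash):
    """Format the hash of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.new(SDP_HASHES[sdp_hash], cert_der).digest()
    return ":".join("%02X" % b for b in digest)

def parse_fingerprints(sdp):
    """Return a dict {hash_name: value} built from the a=fingerprint lines."""
    found = {}
    for line in sdp.splitlines():
        line = line.strip()
        if line.lower().startswith("a=fingerprint:"):
            parts = line.split(":", 1)[1].split(None, 1)
            if len(parts) == 2:
                found[parts[0].lower()] = parts[1].strip().upper()
    return found

def check_offer(sdp, peer_cert_der, supported):
    """Classify an offer; 'supported' lists hash names, most preferred first."""
    offered = parse_fingerprints(sdp)
    if not offered:
        return "no-fingerprint"      # nothing binds the DTLS certificate to the SDP
    for name in supported:
        if name in offered and name in SDP_HASHES:
            expected = sdp_fingerprint(peer_cert_der, name)
            return "verified" if expected == offered[name] else "mismatch"
    return "unsupported-hash"        # peer offered only hashes we cannot compute

# Constructed stand-in for the peer's DER certificate (not a real certificate).
CERT_DER = b"constructed stand-in for a DER-encoded certificate"

# Constructed offer carrying only a SHA-256 fingerprint.
OFFER = ("v=0\r\n"
         "m=audio 9 UDP/TLS/RTP/SAVPF 0\r\n"
         "a=setup:actpass\r\n"
         "a=fingerprint:sha-256 " + sdp_fingerprint(CERT_DER, "sha-256") + "\r\n")

if __name__ == "__main__":
    print("SHA-1 only verifier:   ", check_offer(OFFER, CERT_DER, ["sha-1"]))
    print("SHA-256 aware verifier:", check_offer(OFFER, CERT_DER, ["sha-256", "sha-1"]))
    print("Different certificate: ", check_offer(OFFER, b"other cert", ["sha-256"]))
```
</pre>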
  </body>
</html>