Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] Ast 13.10 to 13.11 stop working webrtc


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
scgm11 at gmail.com
Guest





PostPosted: Wed Oct 05, 2016 3:41 pm    Post subject: [asterisk-users] Ast 13.10 to 13.11 stop working webrtc Reply with quote

From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with


chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7@130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).



is there any way to configure to have the previous behaviour?
Im trying to set dtlscipher=AES128-SHA but I always see 


DTLS ECDH initialized (automatic), faster PFS enabled


any idea? 


Thanks!
res_rtp_asterisk------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, e.g., sip.conf dtlsprivatekey. For example: openssl dhparam -out ./dh.pem 2048 - Because clients expect the server to prefer PFS, and because OpenSSL sorts
its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". Consider re-ordering your cipher suites in the respective configuration file. For example: dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 which forces PFS and requires at least DTLS 1.2.
Back to top
scgm11 at gmail.com
Guest





PostPosted: Thu Oct 06, 2016 10:08 am    Post subject: [asterisk-users] Ast 13.10 to 13.11 stop working webrtc Reply with quote

the issue is with chan_sip not on rtp I will check wich commit break this and fill an issue.



El mié., 5 de oct. de 2016 a la(s) 17:41, Sebastian <scgm11@gmail.com (scgm11@gmail.com)> escribió:

Quote:
From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with

chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7@130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).

is there any way to configure to have the previous behaviour?
Im trying to set dtlscipher=AES128-SHA but I always see 

DTLS ECDH initialized (automatic), faster PFS enabled

any idea? 

Thanks!res_rtp_asterisk------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, e.g., sip.conf dtlsprivatekey. For example: openssl dhparam -out ./dh.pem 2048 - Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". Consider re-ordering your cipher suites in the respective configuration file. For example: dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 which forces PFS and requires at least DTLS 1.2.



Back to top
scgm11 at gmail.com
Guest





PostPosted: Thu Oct 06, 2016 10:41 am    Post subject: [asterisk-users] Ast 13.10 to 13.11 stop working webrtc Reply with quote

the issue is fixed in current trunk head version

El jue., 6 de oct. de 2016 a la(s) 12:07, Sebastian <scgm11@gmail.com (scgm11@gmail.com)> escribió:

Quote:
the issue is with chan_sip not on rtp I will check wich commit break this and fill an issue.

El mié., 5 de oct. de 2016 a la(s) 17:41, Sebastian <scgm11@gmail.com (scgm11@gmail.com)> escribió:
Quote:
From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with

chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7@130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).

is there any way to configure to have the previous behaviour?
Im trying to set dtlscipher=AES128-SHA but I always see 

DTLS ECDH initialized (automatic), faster PFS enabled

any idea? 

Thanks!res_rtp_asterisk------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, e.g., sip.conf dtlsprivatekey. For example: openssl dhparam -out ./dh.pem 2048 - Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". Consider re-ordering your cipher suites in the respective configuration file. For example: dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 which forces PFS and requires at least DTLS 1.2.




Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services