On 11/06/2014 1:52 p.m., Matthew Jordan wrote:



On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <[email protected]> wrote:

    Chrome 35 broke all of this.... you need to be using DTLS now I
    believe.

    I had working secure web sockets with asterisk 12.2.x and chrome
    34.... and then google broke everything :)

    I have not yet got around to test out DTLS etc. with chrome 35

    Just so I don't waste too much time when I go to test, does anyone
    know if all that's required for DTLS on the asterisk side is the
    following in sip.conf?

    dtlsenable=yes
    dtlsverify=yes
    dtlsrekey=60
    dtlscafile=/usr/local/share/ca-certificates/myCA.crt
    dtlscertfile=/etc/ssl/mycert.com.pem
    dtlssetup=actpass

    I assume I also need TLS configs in http.conf


Signalling is independent of the media; DTLS only affects the media.

However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961


--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org


It is broken in Chrome (Firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports the DTLS implementation, it only supports SHA-1 hashing, but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue.

Best regards
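
The hash mismatch described in the reply above shows up in the SDP `a=fingerprint` attribute (RFC 4572), which names the hash a peer used over its DTLS certificate. The following is an added example, not code from this thread or from Asterisk; `SAMPLE_CERT`, `build_offer` and `check_peer` are hypothetical names, and the certificate bytes are a constructed placeholder.

```python
import hashlib
import re

# SDP hash-function names (RFC 4572) mapped to hashlib algorithm names.
SDP_HASHES = {"sha-1": "sha1", "sha-256": "sha256"}
FINGERPRINT_RE = re.compile(r"^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)\s*$")
# Constructed placeholder standing in for a DER-encoded certificate.
SAMPLE_CERT = b"constructed placeholder, not a real DER certificate"


def format_fingerprint(cert_der, sdp_hash):
    # Fingerprint = hash of the certificate bytes, upper-case hex, colon separated.
    digest = hashlib.new(SDP_HASHES[sdp_hash], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def parse_fingerprints(sdp):
    # Collect (hash name, fingerprint value) from every a=fingerprint line.
    found = []
    for line in sdp.splitlines():
        m = FINGERPRINT_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).upper()))
    return found


def check_peer(sdp, peer_cert_der, supported):
    # Verify the certificate seen in the DTLS handshake against the SDP,
    # using only the hash functions this endpoint implements.
    fps = parse_fingerprints(sdp)
    if not fps:
        return False, "no a=fingerprint attribute in SDP"
    usable = [(h, v) for h, v in fps if h in supported and h in SDP_HASHES]
    if not usable:
        offered = ", ".join(sorted({h for h, _ in fps}))
        return False, f"peer offers only {offered}; no common hash"
    for h, v in usable:
        if format_fingerprint(peer_cert_der, h) == v:
            return True, f"certificate matches {h} fingerprint"
    return False, "fingerprint mismatch"


def build_offer(sdp_hash):
    # Constructed minimal SDP fragment carrying one fingerprint line.
    fp = format_fingerprint(SAMPLE_CERT, sdp_hash)
    return "\r\n".join(["v=0", "m=audio 9 UDP/TLS/RTP/SAVPF 111",
                        "a=setup:actpass", f"a=fingerprint:{sdp_hash} {fp}"]) + "\r\n"
```

An endpoint limited to `{"sha-1"}` rejects a `sha-256` offer before any certificate comparison happens, which is the failure mode the reply describes.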
