>From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with
chan_sip.c:4083 retrans_pkt: Hanging up call [email protected]:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions). is there any way to configure to have the previous behaviour? Im trying to set dtlscipher=AES128-SHA but I always see DTLS ECDH initialized (automatic), faster PFS enabled any idea? Thanks! res_rtp_asterisk ------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, e.g., sip.conf dtlsprivatekey. For example: openssl dhparam -out ./dh.pem 2048 - Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, see "openssl ciphers -v DEFAULT". Consider re-ordering your cipher suites in the respective configuration file. For example: dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 which forces PFS and requires at least DTLS 1.2.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016 http://www.asterisk.org/community/astricon-user-conference New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
