Re: [asterisk-users] WSS over Asterisk
Hi I tested yesterday the SIPML5 fix and I can confirm it works as expected with Asterisk 12 SVN-trunk-r415192 using chan_sip and no DTLS enabled. Tested with Chrome 35.0.1916.153m. The patch is targeted to Chrome. Firefox still be unable to handle calls in my setup. In my tests I've found some asterisk exceptions when SIMPL5 is used from Chrome with the provided patch AND DTLS is configured for the peer in sip.conf AND certificates are installed in Chrome. I suppose this is something work in progress so I'm not worried about it. I can also confirm the problem with wss where the SIPML5 seems not able to connect to the asterisk box. Thank you and best regards, Marco Signorini. On 06/12/2014 03:21 AM, Steve Ng wrote: I am using Asterisk v12.3. As far as DTLS, I understand that applying the following Javascript will temporarily fix for SIPML5 to Asterisk: https://gist.github.com/steve-ng/14b9b88af43f92db1e46 WS works for me, its just wss which I'm stuck currently. On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina mfmolina-lis...@millenium.com.co mailto:mfmolina-lis...@millenium.com.co wrote: El 11/06/2014 1:52 p. m., Matthew Jordan escribió: On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington w...@willwh.com mailto:w...@willwh.com wrote: Chrome 35 broke all of this you need to be using DTLS now I believe. I had working secure web sockets with asterisk 12.2.x and chrome 34 and then google broke eveything :) I have not yet got around to test out DTLS etc. with chrome 35 Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf? dtlsenable=yes dtlsverify=yes dtlsrekey=60 dtlscafile=/usr/local/share/ca-certificates/myCA.crt dtlscertfile=/etc/ssl/mycert.com.pem dtlssetup=actpass I assume I also need TLS configs in http.conf Signalling is independent of the media; DTLS only affects the media. However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961 -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue. Best regards -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
I'm having the error as shown below Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1 ==stack event = starting SIPml-api.js?svn=224:1 __tsip_transport_ws_onerror SIPml-api.js?svn=224:1 __tsip_transport_ws_onclose SIPml-api.js?svn=224:1 ==stack event = failed_to_start Where if I'm connecting through ws://54.xxx.xxx.:8080/ws, it works fine. Any idea why? Sorry for the delay in answering: I meant to reply and forgot. ws:// uses HTTP and wss:// uses HTTPS so there's no way they can work via the same socket. You have to set up a separate HTTPS socket for wss. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] WSS over Asterisk
Hi, Have anyone tried using SIPML5 to connect to Asterisk over wss? I'm having the error as shown below Connecting to 'wss://54.xxx.xxx.xxx:8080/ws wss://54.254.228.251:8080/ws' SIPml-api.js?svn=224:1 ==stack event = starting SIPml-api.js?svn=224:1 __tsip_transport_ws_onerror SIPml-api.js?svn=224:1 __tsip_transport_ws_onclose SIPml-api.js?svn=224:1 ==stack event = failed_to_start Where if I'm connecting through ws://54.xxx.xxx.:8080/ws, it works fine. Any idea why? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
On Wed, Jun 11, 2014 at 2:58 AM, Steve Ng steveng.1...@gmail.com wrote: Hi, Have anyone tried using SIPML5 to connect to Asterisk over wss? I'm having the error as shown below Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1 ==stack event = starting SIPml-api.js?svn=224:1 __tsip_transport_ws_onerror SIPml-api.js?svn=224:1 __tsip_transport_ws_onclose SIPml-api.js?svn=224:1 ==stack event = failed_to_start Where if I'm connecting through ws://54.xxx.xxx.:8080/ws, it works fine. Any idea why? There was a bug in secure WebSockets (tracked under ASTERISK-21930) that was fixed in Asterisk 11.9.0: http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-11.9.0-summary.html Which version of Asterisk are you using? Is it 11.9.0 or later? -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
Chrome 35 broke all of this you need to be using DTLS now I believe. I had working secure web sockets with asterisk 12.2.x and chrome 34 and then google broke eveything :) I have not yet got around to test out DTLS etc. with chrome 35 Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf? dtlsenable=yes dtlsverify=yes dtlsrekey=60 dtlscafile=/usr/local/share/ca-certificates/myCA.crt dtlscertfile=/etc/ssl/mycert.com.pem dtlssetup=actpass I assume I also need TLS configs in http.conf William Hetherington w - www.willwh.com t - @wmwh On Wed, Jun 11, 2014 at 11:28 AM, Matthew Jordan mjor...@digium.com wrote: On Wed, Jun 11, 2014 at 2:58 AM, Steve Ng steveng.1...@gmail.com wrote: Hi, Have anyone tried using SIPML5 to connect to Asterisk over wss? I'm having the error as shown below Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1 ==stack event = starting SIPml-api.js?svn=224:1 __tsip_transport_ws_onerror SIPml-api.js?svn=224:1 __tsip_transport_ws_onclose SIPml-api.js?svn=224:1 ==stack event = failed_to_start Where if I'm connecting through ws://54.xxx.xxx.:8080/ws, it works fine. Any idea why? There was a bug in secure WebSockets (tracked under ASTERISK-21930) that was fixed in Asterisk 11.9.0: http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-11.9.0-summary.html Which version of Asterisk are you using? Is it 11.9.0 or later? -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington w...@willwh.com wrote: Chrome 35 broke all of this you need to be using DTLS now I believe. I had working secure web sockets with asterisk 12.2.x and chrome 34 and then google broke eveything :) I have not yet got around to test out DTLS etc. with chrome 35 Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf? dtlsenable=yes dtlsverify=yes dtlsrekey=60 dtlscafile=/usr/local/share/ca-certificates/myCA.crt dtlscertfile=/etc/ssl/mycert.com.pem dtlssetup=actpass I assume I also need TLS configs in http.conf Signalling is independent of the media; DTLS only affects the media. However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961 -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
El 11/06/2014 1:52 p. m., Matthew Jordan escribió: On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington w...@willwh.com mailto:w...@willwh.com wrote: Chrome 35 broke all of this you need to be using DTLS now I believe. I had working secure web sockets with asterisk 12.2.x and chrome 34 and then google broke eveything :) I have not yet got around to test out DTLS etc. with chrome 35 Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf? dtlsenable=yes dtlsverify=yes dtlsrekey=60 dtlscafile=/usr/local/share/ca-certificates/myCA.crt dtlscertfile=/etc/ssl/mycert.com.pem dtlssetup=actpass I assume I also need TLS configs in http.conf Signalling is independent of the media; DTLS only affects the media. However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961 -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue. Best regards --- Este mensaje y sus anexos son para uso exclusivo de sus destinatarios y puede contener informacion confidencial y/o privada protegida legalmente. Si usted no es el destinatario, se le notifica que cualquier distribucion o reproduccion de este mensaje, o de cualquiera de sus anexos, esta estrictamente prohibida. Si usted ha recibido este mensaje por error, por favor notifiquenos inmediatamente y elimine su texto original, incluidos los anexos y destruya cualquier reproduccion del mismo. Las opiniones expresadas en este mensaje son responsabilidad exclusiva de quien las emite y no necesariamente reflejan la posicion de Millenium Phone Center S.A, ni comprometen la responsabilidad institucional por el uso que el destinatario haga de las mismas. - _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] WSS over Asterisk
I am using Asterisk v12.3. As far as DTLS, I understand that applying the following Javascript will temporarily fix for SIPML5 to Asterisk: https://gist.github.com/steve-ng/14b9b88af43f92db1e46 WS works for me, its just wss which I'm stuck currently. On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina mfmolina-lis...@millenium.com.co wrote: El 11/06/2014 1:52 p. m., Matthew Jordan escribió: On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington w...@willwh.com wrote: Chrome 35 broke all of this you need to be using DTLS now I believe. I had working secure web sockets with asterisk 12.2.x and chrome 34 and then google broke eveything :) I have not yet got around to test out DTLS etc. with chrome 35 Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf? dtlsenable=yes dtlsverify=yes dtlsrekey=60 dtlscafile=/usr/local/share/ca-certificates/myCA.crt dtlscertfile=/etc/ssl/mycert.com.pem dtlssetup=actpass I assume I also need TLS configs in http.conf Signalling is independent of the media; DTLS only affects the media. However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961 -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com http://asterisk.org It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue. Best regards -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
