VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
steveng.1988 at gmail.com
Guest
|
 Posted: Wed Jun 11, 2014 2:58 am Post subject: [asterisk-users] WSS over Asterisk |
 |
|
Hi,
Have anyone tried using SIPML5 to connect to Asterisk over wss?
I'm having the error as shown belowÂ
Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1
==stack event = starting SIPml-api.js?svn=224:1
__tsip_transport_ws_onerror SIPml-api.js?svn=224:1
__tsip_transport_ws_onclose SIPml-api.js?svn=224:1
==stack event = failed_to_start
Where if I'm connecting through ws://54.xxx.xxx.xxxx:8080/ws, it works fine. Any idea why? |
|
| Back to top |
|
 |
mjordan at digium.com
Guest
|
| Posted: Wed Jun 11, 2014 1:28 pm Post subject: [asterisk-users] WSS over Asterisk |
|
|
On Wed, Jun 11, 2014 at 2:58 AM, Steve Ng <steveng.1988@gmail.com (steveng.1988@gmail.com)> wrote:
| Quote: | Hi,
Have anyone tried using SIPML5 to connect to Asterisk over wss?
I'm having the error as shown belowÂ
Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1
==stack event = starting SIPml-api.js?svn=224:1
__tsip_transport_ws_onerror SIPml-api.js?svn=224:1
__tsip_transport_ws_onclose SIPml-api.js?svn=224:1
==stack event = failed_to_start
Where if I'm connecting through ws://54.xxx.xxx.xxxx:8080/ws, it works fine. Any idea why?Â
|
There was a bug in secure WebSockets (tracked under ASTERISK-21930) that was fixed in Asterisk 11.9.0:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-11.9.0-summary.html
Which version of Asterisk are you using? Is it 11.9.0 or later?
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org |
|
| Back to top |
|
|
will at willwh.com
Guest
|
| Posted: Wed Jun 11, 2014 1:33 pm Post subject: [asterisk-users] WSS over Asterisk |
|
|
Chrome 35 broke all of this.... you need to be using DTLS now I believe.
I had working secure web sockets with asterisk 12.2.x and chrome 34.... and then google broke eveything 
I have not yet got around to test out DTLS etc. with chrome 35
Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf?
dtlsenable=yes
dtlsverify=yes
dtlsrekey=60
dtlscafile=/usr/local/share/ca-certificates/myCA.crt
dtlscertfile=/etc/ssl/mycert.com.pem
dtlssetup=actpass
I assume I also need TLS configs in http.conf
William Hetheringtonw - www.willwh.com
t - @wmwh
On Wed, Jun 11, 2014 at 11:28 AM, Matthew Jordan <mjordan@digium.com (mjordan@digium.com)> wrote:
|
|
| Back to top |
|
|
mjordan at digium.com
Guest
|
| Posted: Wed Jun 11, 2014 1:52 pm Post subject: [asterisk-users] WSS over Asterisk |
|
|
On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <will@willwh.com (will@willwh.com)> wrote:
| Quote: | Chrome 35 broke all of this.... you need to be using DTLS now I believe.
I had working secure web sockets with asterisk 12.2.x and chrome 34.... and then google broke eveything
I have not yet got around to test out DTLS etc. with chrome 35
Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf?
dtlsenable=yes
dtlsverify=yes
dtlsrekey=60
dtlscafile=/usr/local/share/ca-certificates/myCA.crt
dtlscertfile=/etc/ssl/mycert.com.pem
dtlssetup=actpass
I assume I also need TLS configs in http.conf
|
Signalling is independent of the media; DTLS only affects the media.
However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org |
|
| Back to top |
|
|
mfmolina-listas at mil...
Guest
|
| Posted: Wed Jun 11, 2014 3:37 pm Post subject: [asterisk-users] WSS over Asterisk |
|
|
El 11/06/2014 1:52 p. m., Matthew Jordan escribió:
| Quote: |
On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <will@willwh.com (will@willwh.com)> wrote:
| Quote: | Chrome 35 broke all of this.... you need to be using DTLS now I believe.
I had working secure web sockets with asterisk 12.2.x and chrome 34.... and then google broke eveything
I have not yet got around to test out DTLS etc. with chrome 35
Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf?
dtlsenable=yes
dtlsverify=yes
dtlsrekey=60
dtlscafile=/usr/local/share/ca-certificates/myCA.crt
dtlscertfile=/etc/ssl/mycert.com.pem
dtlssetup=actpass
I assume I also need TLS configs in http.conf
|
Signalling is independent of the media; DTLS only affects the media.
However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
|
It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue.
Best regards |
|
| Back to top |
|
|
steveng.1988 at gmail.com
Guest
|
| Posted: Wed Jun 11, 2014 8:21 pm Post subject: [asterisk-users] WSS over Asterisk |
|
|
I am using Asterisk v12.3.Â
As far as DTLS, I understand that applying the following Javascript will temporarily fix for SIPML5 to Asterisk: https://gist.github.com/steve-ng/14b9b88af43f92db1e46
WS works for me, its just wss which I'm stuck currently.Â
On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina <mfmolina-listas@millenium.com.co (mfmolina-listas@millenium.com.co)> wrote:
| Quote: | El 11/06/2014 1:52 p. m., Matthew Jordan escribió:
| Quote: |
On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <will@willwh.com (will@willwh.com)> wrote:
| Quote: | Chrome 35 broke all of this.... you need to be using DTLS now I believe.
I had working secure web sockets with asterisk 12.2.x and chrome 34.... and then google broke eveything
I have not yet got around to test out DTLS etc. with chrome 35
Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf?
dtlsenable=yes
dtlsverify=yes
dtlsrekey=60
dtlscafile=/usr/local/share/ca-certificates/myCA.crt
dtlscertfile=/etc/ssl/mycert.com.pem
dtlssetup=actpass
I assume I also need TLS configs in http.conf
|
Signalling is independent of the media; DTLS only affects the media.
However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
|
It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue.
Best regards
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
        http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
| Back to top |
|
|
marcotasto at libero.it
Guest
|
| Posted: Thu Jun 12, 2014 2:13 am Post subject: [asterisk-users] WSS over Asterisk |
|
|
Hi
I tested yesterday the SIPML5 fix and I can confirm it works as expected with Asterisk 12 SVN-trunk-r415192 using chan_sip and no DTLS enabled.
Tested with Chrome 35.0.1916.153m.
The patch is targeted to Chrome. Firefox still be unable to handle calls in my setup.
In my tests I've found some asterisk exceptions when SIMPL5 is used from Chrome with the provided patch AND DTLS is configured for the peer in sip.conf AND certificates are installed in Chrome. I suppose this is something work in progress so I'm not worried about it.
I can also confirm the problem with wss where the SIPML5 seems not able to connect to the asterisk box.
Thank you and best regards,
Marco Signorini.
On 06/12/2014 03:21 AM, Steve Ng wrote:
| Quote: | I am using Asterisk v12.3.
As far as DTLS, I understand that applying the following Javascript will temporarily fix for SIPML5 to Asterisk: https://gist.github.com/steve-ng/14b9b88af43f92db1e46
WS works for me, its just wss which I'm stuck currently.
On Thu, Jun 12, 2014 at 4:37 AM, Miguel Molina <mfmolina-listas@millenium.com.co (mfmolina-listas@millenium.com.co)> wrote:
| Quote: | El 11/06/2014 1:52 p. m., Matthew Jordan escribió:
| Quote: |
On Wed, Jun 11, 2014 at 1:32 PM, William Hetherington <will@willwh.com (will@willwh.com)> wrote:
| Quote: | Chrome 35 broke all of this.... you need to be using DTLS now I believe.
I had working secure web sockets with asterisk 12.2.x and chrome 34.... and then google broke eveything
I have not yet got around to test out DTLS etc. with chrome 35
Just so I don't waste too much time when I go to test, does anyone know if all that's required for DTLS on the asterisk side is the following in sip.conf?
dtlsenable=yes
dtlsverify=yes
dtlsrekey=60
dtlscafile=/usr/local/share/ca-certificates/myCA.crt
dtlscertfile=/etc/ssl/mycert.com.pem
dtlssetup=actpass
I assume I also need TLS configs in http.conf
|
Signalling is independent of the media; DTLS only affects the media.
However, there are known issues with Chrome's negotiation of DTLS and Asterisk - see https://issues.asterisk.org/jira/browse/ASTERISK-22961
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
|
It is broken in Chrome (firefox never had SDES) because the WebRTC standard favoured the DTLS SRTP implementation instead of the SDES one. The thing is that although Asterisk supports DTLS implementation, it only supports SHA-1 hashing but both Firefox and Chrome work with SHA-256. The patch proposed in ASTERISK-22961 is an effort to solve this issue.
Best regards
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
|
| Back to top |
|
|
kenner at gnat.com
Guest
|
| Posted: Thu Jun 12, 2014 7:16 am Post subject: [asterisk-users] WSS over Asterisk |
|
|
| Quote: | I'm having the error as shown belowÂ
Connecting to 'wss://54.xxx.xxx.xxx:8080/ws' SIPml-api.js?svn=224:1
==stack event = starting SIPml-api.js?svn=224:1
__tsip_transport_ws_onerror SIPml-api.js?svn=224:1
__tsip_transport_ws_onclose SIPml-api.js?svn=224:1
==stack event = failed_to_start
Where if I'm connecting through ws://54.xxx.xxx.xxxx:8080/ws, it works fine.
Any idea why?Â
|
Sorry for the delay in answering: I meant to reply and forgot.
"ws://" uses HTTP and "wss://" uses HTTPS so there's no way they can
work via the same socket. You have to set up a separate HTTPS socket
for wss.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
