[Freeswitch-users] Week in Review Feb 23rd-Mar 01

Brian West brian at freeswitch.org
Wed Mar 5 13:33:59 MSK 2014


Yes, we did gain that when TLS 1.2 support was added along with cipher suite selection. I almost forgot about that one!

Sent from my iPhone

> On Mar 5, 2014, at 12:55 AM, Kathleen King <kathleen.king at quentustech.com> wrote:
> 
> Brian,
> 
> Check out a FreeSWITCH to FreeSWITCH SIP connection over TLS with sofia 
> debug all 9. Thanks to Travis' commit
> d5760e0d6a05b7a13bdb044018b2334c69d6cfdf, you can see that FreeSWITCH is 
> negotiating the signaling connection for SIP over AES-GCM as well. It is 
> a cool Easter egg I found while practicing setting up secure VoIP. I've 
> included some sample logs below.
> 
> Community,
> 
> Does anyone have any suggestions for FreeSWITCH-related 
> videos/screencasts? I'm looking to set up some quickstart videos for 
> FreeSWITCH on different platforms and some walkthroughs such as how to 
> report a bug on Jira, etc.
> 
> 
> Freeswitch logs of a Freeswitch <=> Freeswitch TLS version 1.2 
> connection register packet:
> freeswitch at kathleen03>
> freeswitch at kathleen03>
> freeswitch at kathleen03> tport.c:2757 tport_wakeup_pri() 
> tport_wakeup_pri(0x7f37e0004860): events IN
> tport.c:870 tport_alloc_secondary() 
> tport_alloc_secondary(0x7f37e0004860): new secondary tport 0x7f37e0023a80
> tport_type_tcp.c:203 tport_tcp_init_secondary() 
> tport_tcp_init_secondary(0x7f37e0023a80): Setting TCP_KEEPIDLE to 30
> tport_type_tcp.c:209 tport_tcp_init_secondary() 
> tport_tcp_init_secondary(0x7f37e0023a80): Setting TCP_KEEPINTVL to 30
> tport_type_tls.c:610 tport_tls_accept() 
> tport_tls_accept(0x7f37e0023a80): new connection from 
> tls/192.168.100.233:41248/sips
> tport_tls.c:915 tls_connect() tls_connect(0x7f37e0023a80): events 
> NEGOTIATING
> tport_tls.c:915 tls_connect() tls_connect(0x7f37e0023a80): events 
> NEGOTIATING
> tport_tls.c:559 tls_post_connection_check() 
> tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (name): 
> ECDHE-RSA-AES256-GCM-SHA384
> tport_tls.c:561 tls_post_connection_check() 
> tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (version): 
> TLSv1/SSLv3
> tport_tls.c:564 tls_post_connection_check() 
> tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen 
> (bits/alg_bits): 256/256
> tport_tls.c:567 tls_post_connection_check() 
> tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen 
> (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
> 
> tport_tls.c:572 tls_post_connection_check() 
> tls_post_connection_check(0x7f37e0023a80): Peer did not provide X.509 
> Certificate.
> tport.c:2304 tport_set_secondary_timer() tport(0x7f37e0023a80): reset timer
> tport.c:2781 tport_wakeup() tport_wakeup(0x7f37e0023a80): events IN
> tport.c:2872 tport_recv_event() tport_recv_event(0x7f37e0023a80)
> tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f37e0023a80): 
> tls_read() returned 637
> tport.c:3213 tport_recv_iovec() tport_recv_iovec(0x7f37e0023a80) msg 
> 0x7f37e0041aa0 from (tls/192.168.100.233:41248) has 637 bytes, veclen = 1
> recv 637 bytes from tls/[192.168.100.233]:41248 at 22:06:54.881930:
> ------------------------------------------------------------------------
>    REGISTER sip:192.168.100.226:5070;transport=tls SIP/2.0
>    Via: SIP/2.0/TLS 192.168.100.233:5070;branch=z9hG4bKK8037rS2BD90H
> 
> 
> 
> 
>> On 03/04/2014 08:52 PM, Brian West wrote:
>> Kathleen,
>>    AES-GCM is only for RTP encryption. We did and are still doing some work to clarify and improve our SRTP support and negotiation options.  I think we’ll be talking about some of these on our call tomorrow.
>> 
>> I can confirm working build solutions for Mac OS X 10.7/10.8/10.9
>> 
>> mod_v8 works on 10.8 and 10.9; I cannot get it to compile on 10.7 yet.
>> 
>> Solution is here: http://www.freeswitch.org/eg/Makefile.macosx
>> 
>> I’ve noticed in some cases make install on OS X gets stuck in a loop.  If you see that, please report it to JIRA; I couldn’t replicate it after ctrl+c and trying again.
>> 
>> As for NetBSD, I have master running on a NetBSD 6.1.3 (64-bit) with some help and patches from Michael Taylor. In addition, I was able to get Solaris 11.1 (64-bit) to compile and run master using gcc with MANY HACKS to the build system.  These last two platforms do require more work, but I’m waiting on pending work from Mike Jerris on moving all mods to autoconf/automake, which will make those last two platforms easier to support.  As we work on our build system on the Unix platforms, I suspect all these things will get easier to support.
>> 
>> On the Windows front, we did have an issue with the stable branch compiling in MSVC, which is now fixed (thanks, Jeff). I’ve compiled master using MSVC 2012’2013 Ultimate and MSVC Express 2013 without problems after getting tripped up by that pesky autocrlf setting.
>> 
>> We need to work on updating our install and build documentation on the wiki; it's starting to show its age.  If anyone would like to help, please sign up for a wiki account and email me so I can approve your account faster. Then we can all work together to improve our documentation.
>> 
>> Thanks,
>> --
>> Brian West
>> brian at freeswitch.org
>> FreeSWITCH Solutions, LLC
>> PO BOX 2531
>> Brookfield, WI 53008-2531
>> Twitter: @FreeSWITCH , @briankwest
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>> 
>> T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
>> iNUM: +883 5100 1420 9001
>> ISN: 410*543
>> Skype:briankwest
>> PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
>> 
>> 
>> 
>>> On Mar 4, 2014, at 9:33 PM, Kathleen King <kathleen.king at quentustech.com> wrote:
>>> 
>>> Hello, again. This week in the FreeSWITCH master branch we had 137 commits! That is an average of ten commits per day and roughly an average of one commit every hour over the entire week! Awesome! We had a neat new feature added with TLS and SRTP support for AES-GCM. This feature allows for fully encrypting calls (both signaling and media) in a higher density and with the latest TLS 1.2, so it's secure against some of the recent TLS security issues. More about this new feature can be found here on the wiki: http://en.wikipedia.org/wiki/Galois/Counter_Mode
>>> 
>>> The following bugs were squashed:
>>> 1d36f5b fixed so that max_registrations_per_extension does not limit concurrent call counts
>>> Jira: http://jira.freeswitch.org/browse/FS-5915
>>> f862c34 fixed bug in Freeswitch core dealing with calls not hanging up after hold
>>> Jira: http://jira.freeswitch.org/browse/FS-6272
>>> f751455 fix race condition where a transferring leg could be hung up on by the bridge partner from the previous bridge
>>> fa92f81 fixed bug in delay retry and clarified log line in mod_json_cdr
>>> Jira: http://jira.freeswitch.org/browse/FS-5888
>>> New features that were added:
>>> 8862fbc added 'join-only' conference flag
>>> Jira: http://jira.freeswitch.org/browse/FS-5461
>>> 5b26558 add json support for mod_event_sockets event_sink
>>> Jira: http://jira.freeswitch.org/browse/FS-5207
>>> aa78006 Added Windows equivalent of Linux's fail2ban. Thanks, drk.
>>> Jira: http://jira.freeswitch.org/browse/FS-3588
>>> 463f32c Support AES-GCM mode in SRTP
>>> Jira: http://jira.freeswitch.org/browse/FS-5937
>>> 5646957 more work to support AES-GCM mode in SRTP
>>> Jira: http://jira.freeswitch.org/browse/FS-5937
>>> a900ead added Support AES-GCM mode in SRTP
>>> Jira: http://jira.freeswitch.org/browse/FS-5937
>>> Improvements in cross platform build supports:
>>> ffa14f3 remove python requirement for libsndfile build
>>> 727ce93 more work getting FS-6271 to compile on Windows
>>> Jira: http://jira.freeswitch.org/browse/FS-6271
>>> 0c7946b improve srtp build on Dragonfly and NetBSD
>>> 44410b7 work towards building on smartos
>>> Jira: http://jira.freeswitch.org/browse/FS-6227
>>> 691c454 tagged Freeswitch 1.5.10
>>> d86bb20 added support for DESTDIR to modcheck
>>> 62a2898 update the version string
>>> 378caeb fixed building without SRTP
>>> d7794af improved build support for Dragonfly
>>> 645ab80 tagged Freeswitch version 1.5.8
>>> d97b163 upgraded mod_ruby to SWIG 2.0
>>> In terms of stability these were the use cases that were fixed:
>>> 68692d9 fixed segfault in mod_voicemail_ivr related to profile naming
>>> Jira: http://jira.freeswitch.org/browse/FS-5154
>>> e398ede fixed memory corruption and leak in mod_erlang
>>> Jira: http://jira.freeswitch.org/browse/FS-5975
>>> 827c5ac fixed segfault on second call of gsm remove 1 in mod_gsmopen
>>> Jira: http://jira.freeswitch.org/browse/FS-5908
>>> Feedback welcome and the referenced commits are in the attached text file with corresponding Jira links.
>>> -- 
>>> Kathleen King
>>> Quentus Technologies, INC
>>> 1037 NE 65th St Suite 273
>>> Seattle, WA 98115
>>> Main:   (877) 211-9337
>>> Cell:   (703) 859-3757
>>> 
>>> kathleen.king at quentustech.com
>>> <2014_2_23-2014_3_2oneline.txt>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>> 
>>> 
>>> 
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> 
> 
> -- 
> Kathleen King
> Quentus Technologies, INC
> 1037 NE 65th St Suite 273
> Seattle, WA 98115
> Main:   (877) 211-9337
> Cell:   (703) 859-3757
> kathleen.king at quentustech.com
> 
> 

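The sofia debug output quoted in this thread can be audited mechanically. The following is an added example, not part of the original messages or of FreeSWITCH: it rejoins the mail-wrapped `tls_post_connection_check()` records and reports, per transport pointer, the negotiated suite and whether the peer presented a certificate. The second connection in `SAMPLE` and the policy in `findings()` (AEAD suite required, missing peer certificate reported) are assumptions.

```python
import re

# Records written by tls_post_connection_check() at sofia debug level 9.
RECORD = re.compile(r"tls_post_connection_check\((0x[0-9a-f]+)\):\s*(.*)")
NAME = re.compile(r"TLS cipher chosen \(name\):\s*(\S+)")
MAC = re.compile(r"TLS cipher chosen \(description\):.*\bMac=(\S+)")
# Constructed sample: the first connection follows the record layout quoted in
# the thread (mail quoting and wrapping included); the second is invented.
SAMPLE = """\
> tport_tls.c:559 tls_post_connection_check()
> tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (name):
> ECDHE-RSA-AES256-GCM-SHA384
> tport_tls.c:567 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen
> (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
> tport_tls.c:572 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): Peer did not provide X.509
> Certificate.
tport_tls.c:559 tls_post_connection_check() tls_post_connection_check(0x7f37e0031b40): TLS cipher chosen (name): AES256-SHA
tport_tls.c:567 tls_post_connection_check() tls_post_connection_check(0x7f37e0031b40): TLS cipher chosen (description): AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

def records(text):
    """Drop mail quote markers, undo line wrapping, split at each file.c:line tag."""
    flat = " ".join(re.sub(r"^[>\s]+", "", line) for line in text.splitlines())
    return re.split(r"\s+(?=\w+\.c:\d+\s)", flat)

def audit(text):
    """Map each tport pointer to its negotiated suite, MAC type and cert status."""
    conns = {}
    for m in filter(None, map(RECORD.search, records(text))):
        ptr, body = m.groups()
        conn = conns.setdefault(ptr, {"cipher": None, "mac": None, "no_peer_cert": False})
        if "Peer did not provide" in body:
            conn["no_peer_cert"] = True
        elif (n := NAME.match(body)):
            conn["cipher"] = n.group(1)
        elif (d := MAC.match(body)):
            conn["mac"] = d.group(1)
    return conns

def findings(conns):
    """Assumed policy: require an AEAD suite and report peers without a certificate."""
    out = []
    for ptr, c in sorted(conns.items()):
        if c["mac"] != "AEAD":
            out.append((ptr, f"non-AEAD or unknown suite {c['cipher']}"))
        if c["no_peer_cert"]:
            out.append((ptr, "peer sent no X.509 certificate"))
    return out
```

The `(version)` record is not used because, in the quoted log, it reads `TLSv1/SSLv3` for a suite whose description says `TLSv1.2`; the `Mac=` field of the description is the reliable indicator of an AEAD suite.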

