<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">No, it's in the same file with ws.<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 29, 2015, at 10:16 AM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:courier new,monospace">Guys.<br class=""><br class=""></div><div class="gmail_default" style="font-family:courier new,monospace">WSS is implemented in tport_tls.c, right?<br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-28 17:59 GMT-04:30 Michael Jerris <span dir="ltr" class="">&lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">If this is something that is broken or will soon be, it really needs to be filed in Jira or no one will be looking at it.&nbsp; If someone can work up a patch to fix this, that would be preferred.<div class=""><div class="h5"><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 28, 2015, at 6:09 PM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class=""><div class=""><p dir="ltr" class="">Michael.<br class="">
I'm having a hard time trying to get the development team to use verto</p><p dir="ltr" class="">They insist on using the whole SIP over WS approach since they have to support an iOS app built using Cordova and some libraries that use sipjs.</p><p dir="ltr" class="">My other concern is that, AFAIK, browsers will require PFS for signalling soon</p><p dir="ltr" class="">As always, thanks for the help and guidance!<br class="">
</p>
<div class="gmail_quote">On 28/09/2015 14:47, "Michael Jerris" &lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt; wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">websocket proxy works with mod_verto fine.<div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 27, 2015, at 8:56 AM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class=""><div class=""><div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Silly question....<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Can I put Apache, doing websocket proxy, in front of the WS-BINDING (no tls) and let Apache handle all TLS; or is there some work involved in the Sip 2 Websocket that makes this not a recommended option?<br class=""><br class=""><br class=""></div></div><div class="gmail_extra" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br class=""><div class="gmail_quote">2015-09-25 14:45 GMT-04:30 Victor Medina<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Thanks!<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">I'll get a coffee! =)<br class=""></div></div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 14:39 GMT-04:30 Michael Jerris<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">there was a fix for ec in wss at some point, I'd confirm this part isn't already fixed before you go too far<div class=""><div class=""><span class=""></span><br class=""><br class="">On Friday, September 25, 2015, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Um....<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Thinking...<span class="">&nbsp;</span><br class="">It's a Debian 8, updated,<span class="">&nbsp;</span><br class="">The fs is master, not the latest though... it is master from just about the time before 1.6 stable... 
so I probably should update...<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Running sslscan on some machine:<br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:5061|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; ECDHE-RSA-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; ECDHE-RSA-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Authority Information Access:<span class="">&nbsp;</span><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:12443|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br 
class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Authority Information Access:<span class="">&nbsp;</span><br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Running the same test on a recent build of v1.6<span class="">&nbsp;</span><br class="">FreeSWITCH Version 1.6.0+git~20150903T203652Z~6762f14140~64bit (git 6762f14 2015-09-03 20:36:52Z 64bit)<br class=""><br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:5061|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; ECDHE-RSA-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AECDH-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AECDH-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; SEED-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AECDH-RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span 
class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; ECDHE-RSA-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; AECDH-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:7443|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Why does it not accept any PFS/curve/ephemeral cipher on the WSS binding? 
Like: ECDHE-RSA-AES256-SHA, AECDH-AES256-SHA, ECDHE-RSA-AES128-SHA?<br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 13:30 GMT-04:30 Brian West<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">brian@freeswitch.org</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class="">Careful, your distro may have disabled anything EC related.</div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Sep 25, 2015 at 9:18 AM, Victor Medina<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">victor.medina@cibersys.com</a>&gt;</span><span class="">&nbsp;</span>wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">First of all, thank you and good morning!<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Although I'm using:<br class=""><br class="">&nbsp;&lt;param name="tls-version" value="tlsv1.2"/&gt;<br class="">&nbsp;&lt;param name="tls-ciphers" 
value="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"/&gt;<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">I'm getting:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class=""></span>&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : AES256-GCM-SHA384<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Not bad, but not ECDHE.<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Compared to our web server:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br class=""></span></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br 
class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="">2015-09-25 9:29 GMT-04:30 Brian West<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">brian@freeswitch.org</a>&gt;</span>:<br class=""></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="">tls-cipher param.<div class=""><div class=""><br class=""><br class="">On Friday, September 25, 2015, Victor Medina &lt;<a class="">victor.medina@cibersys.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Hi guys!<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Is there any parameter that can configure what ciphers are used on the WSS interface?<span class="">&nbsp;</span><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">I am getting...<br class="">&nbsp;<br class=""><br class="">WSS interface:<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : AES256-GCM-SHA384<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">SIP interface, same channel:<br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : ECDHE-RSA-AES256-GCM-SHA384<br 
class=""></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></blockquote></div></div></div></div></div></blockquote></div></div></div></blockquote></div><br class=""></div></body></html>