<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">No, it's in the same file with ws.<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 29, 2015, at 10:16 AM, Victor Medina <<a href="mailto:victor.medina@cibersys.com" class="">victor.medina@cibersys.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:courier new,monospace">Guys.<br class=""><br class=""></div><div class="gmail_default" style="font-family:courier new,monospace">WSS is implemented in tport_tls.c, right?<br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-28 17:59 GMT-04:30 Michael Jerris <span dir="ltr" class=""><<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">If this is something that is broken or will soon be, it really needs to be filed in Jira or no one will be looking at it. If someone can work up a patch to fix this, that would be preferred.<div class=""><div class="h5"><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 28, 2015, at 6:09 PM, Victor Medina <<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>> wrote:</div><br class=""><div class=""><p dir="ltr" class="">Michael.<br class="">
I'm having a hard time trying to get the development team to use verto</p><p dir="ltr" class="">They insist on using the whole SIP over WS approach since they have to support an iOS app built using Cordova and some libraries that use sipjs.</p><p dir="ltr" class="">My other concern is that, AFAIK, browsers will require PFS for signalling soon</p><p dir="ltr" class="">As always, thanks for the help and guidance!<br class="">
</p>
<div class="gmail_quote">On 28/09/2015 14:47, "Michael Jerris" <<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>> wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">websocket proxy works with mod_verto fine.<div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 27, 2015, at 8:56 AM, Victor Medina <<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Silly question....<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Can I put Apache, doing websocket proxy, in front of the WS-BINDING (no TLS) and let Apache handle all TLS; or is there some work involved in the Sip 2 Websocket that makes this not a recommended option?<br class=""><br class=""><br class=""></div></div><div class="gmail_extra" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br class=""><div class="gmail_quote">2015-09-25 14:45 GMT-04:30 Victor Medina<span class=""> </span><span dir="ltr" class=""><<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Thanks!<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">I'll get a coffee! =)<br class=""></div></div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 14:39 GMT-04:30 Michael Jerris<span class=""> </span><span dir="ltr" class=""><<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">There was a fix for EC in WSS at some point; I'd confirm this part isn't already fixed before you go too far<div class=""><div class=""><span class=""></span><br class=""><br class="">On Friday, September 25, 2015, Victor Medina <<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Um....<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Thinking...<span class=""> </span><br class="">It's a Debian 8, updated,<span class=""> </span><br class="">The fs is master, not the latest though... it is master from just about the time before 1.6 stable... 
so I probably should update...<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Running sslscan on some machine:<br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:5061|grep Acce<br class=""> <span class=""> </span>Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits CAMELLIA256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits ECDHE-RSA-AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits CAMELLIA128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits DES-CBC3-SHA<br class=""> <span class=""> </span>Authority Information Access:<span class=""> </span><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:12443|grep Acce<br class=""> <span class=""> </span>Accepted TLSv1 256 bits AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits CAMELLIA256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits CAMELLIA128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits DES-CBC3-SHA<br class=""> <span class=""> </span>Authority Information Access:<span class=""> </span><br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Running the same test on a recent built of v1.6<span class=""> </span><br class="">FreeSWITCH Version 1.6.0+git~20150903T203652Z~6762f14140~64bit (git 6762f14 2015-09-03 20:36:52Z 64bit)<br class=""><br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:5061|grep Acce<br class=""> <span class=""> </span>Accepted TLSv1 256 bits 
ECDHE-RSA-AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits AECDH-AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 256 bits CAMELLIA256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits ECDHE-RSA-AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AECDH-AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits SEED-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits CAMELLIA128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits ECDHE-RSA-RC4-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AECDH-RC4-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits RC4-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits AECDH-DES-CBC3-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits DES-CBC3-SHA<br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:7443|grep Acce<br class=""> <span class=""> </span>Accepted TLSv1 256 bits AES256-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits AES128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 128 bits CAMELLIA128-SHA<br class=""> <span class=""> </span>Accepted TLSv1 112 bits DES-CBC3-SHA<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Why does it not accept any PFS/curve/ephemeral cipher on the WSS binding? 
Like: ECDHE-RSA-AES256-SHA, AECDH-AES256-SHA, ECDHE-RSA-AES128-SHA?<br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 13:30 GMT-04:30 Brian West<span class=""> </span><span dir="ltr" class=""><<a class="">brian@freeswitch.org</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class="">Careful, your distro may have disabled anything EC related.</div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Sep 25, 2015 at 9:18 AM, Victor Medina<span class=""> </span><span dir="ltr" class=""><<a class="">victor.medina@cibersys.com</a>></span><span class=""> </span>wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">First of all, thank you and good morning!<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Although I'm using:<br class=""><br class=""> <param name="tls-version" value="tlsv1.2"/><br class=""> <param name="tls-ciphers" 
value="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"/><br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Im getting:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class=""> <span class=""> </span>Protocol : TLSv1.2<br class=""></span> <span class=""> </span>Cipher : AES256-GCM-SHA384<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Not bad, but not ECDHE.<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Compared to our web server:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class=""> <span class=""> </span>Protocol : TLSv1.2<br class=""> <span class=""> </span>Cipher : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br class=""></span></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace"><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="">2015-09-25 9:29 GMT-04:30 Brian West<span 
class=""> </span><span dir="ltr" class=""><<a class="">brian@freeswitch.org</a>></span>:<br class=""></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="">tls-cipher param.<div class=""><div class=""><br class=""><br class="">On Friday, September 25, 2015, Victor Medina <<a class="">victor.medina@cibersys.com</a>> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="font-family:'courier new',monospace">Hi guys!<br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">Is there any parameter that can configure what ciphers are used on the WSS interface?<span class=""> </span><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">I am getting...<br class=""> <br class=""><br class="">WSS interface:<br class="">SSL-Session:<br class=""> <span class=""> </span>Protocol : TLSv1.2<br class=""> <span class=""> </span>Cipher : AES256-GCM-SHA384<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family:'courier new',monospace">SIP interface, same channel:<br class="">Expansion: NONE<br class="">SSL-Session:<br class=""> <span class=""> </span>Protocol : TLSv1.2<br class=""> <span class=""> </span>Cipher : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br 
class=""></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></blockquote></div></div></div></div></div></blockquote></div></div></div></blockquote></div><br class=""></div></body></html>