<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">what is “this environment” ?<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On May 11, 2017, at 6:31 PM, Luke Wahlmeier <<a href="mailto:lwahlmeier@gmail.com" class="">lwahlmeier@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">Yeah I can usually get it to happen within about 5 minutes or so of testing. Still getting all setup to build freeswitch in this environment, but I should have it working by tomorrow. I will try more w/o dtls/srtp as well and make sure it does not need to be on.<br class=""><br class=""></div>Thanks<br class=""></div>Luke<br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, May 11, 2017 at 4:20 PM, Michael Jerris <span dir="ltr" class=""><<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">if you can reproduce this reliably, i’d try master as well. Unless this is a bug in openssl, i can’t imagine how dtls would come into play in something like this.<br class="">
<span class=""><br class="">
> On May 11, 2017, at 5:48 PM, Luke Wahlmeier <<a href="mailto:lwahlmeier@gmail.com" class="">lwahlmeier@gmail.com</a>> wrote:<br class="">
><br class="">
> I keep semi-regularly running into issues using the wss transport when using dtls/strp/ice. This is on the latest 1.6.17~34~0fc0946 on Debian jessie, but I am pretty sure it was happening on the last couple releases as well.<br class="">
><br class="">
> It seems like something bad/wrong happens to the encrypted data going over the websocket coming from freeswitch when more then 1 websocket connection are going and so far ice/srtp/dtls also seem to be needed in the invite to duplicate it.<br class="">
><br class="">
> I have tried many different languages and network/ssl stacks and keep running into this. It is always on data coming in from freeswitch on the websocket connection, and its very very random. Sometimes I will get it 20 times in a row, other times it takes thousands of connections/sessions before it happen. It also, obviously, completely goes away if I use plain ws instead wss.<br class="">
><br class="">
> Here are the errors:<br class="">
> python:<br class="">
> SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_<wbr class="">RECORD_MAC] decryption failed or bad record mac (_ssl.c:1750)<br class="">
> c/c++ (stunnel4):<br class="">
> SSL_read: 1408F119: error:1408F119:SSL routines:SSL3_GET_RECORD:<wbr class="">decryption failed or bad record mac<br class="">
> Java:<br class="">
> java.lang.<wbr class="">IllegalArgumentException: Bad arguments<br class="">
> at javax.crypto.Mac.update(Mac.<wbr class="">java:509)<br class="">
> at sun.security.ssl.MAC.compute(<wbr class="">MAC.java:135)<br class="">
> at sun.security.ssl.InputRecord.<wbr class="">checkMacTags(InputRecord.java:<wbr class="">265)<br class="">
> at sun.security.ssl.InputRecord.<wbr class="">decrypt(InputRecord.java:216)<br class="">
> at sun.security.ssl.<wbr class="">EngineInputRecord.decrypt(<wbr class="">EngineInputRecord.java:177)<br class="">
> at sun.security.ssl.<wbr class="">SSLEngineImpl.readRecord(<wbr class="">SSLEngineImpl.java:974)<br class="">
> at sun.security.ssl.<wbr class="">SSLEngineImpl.readNetRecord(<wbr class="">SSLEngineImpl.java:907)<br class="">
> at sun.security.ssl.<wbr class="">SSLEngineImpl.unwrap(<wbr class="">SSLEngineImpl.java:781)<br class="">
> at javax.net.ssl.SSLEngine.<wbr class="">unwrap(SSLEngine.java:624)<br class="">
><br class="">
> Attached are a simple python script to do the load, my dialplan and sip_profile. The python script can take a few runs before it see the error, and I know its not completing the sip or rtp, but even if it does this still happens.<br class="">
><br class="">
> I have also looked at libsofia-sip-ua/tport/ws.c and I dont see anything obvious. I am getting setup to build v1.6 head and test this any guidance on ways I can trouble shoot this better or requests for more info are very welcome.<br class="">
><br class=""></span></blockquote></div></div></div></blockquote></div><br class=""></div></body></html>