<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">test on master.. work a similar test for verto maybe, this might have to do with sip specifically trying to keep state. Might make sense to build something out of libks as it has basically the same web socket code, and has both client and server web socket support in it, to do a “real” test”, instead of this fake sip without any state over web sockets.<div class=""><br class=""><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On May 12, 2017, at 11:42 AM, Luke Wahlmeier <<a href="mailto:lwahlmeier@gmail.com" class="">lwahlmeier@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">Just got done testing this on v1.6 head and master, both seem to still have this issue. This box is using libssl version 1.0.1t-1+deb8u6. I am gonna start digging more into the ws/wss/sofia code to see if I can figure it out. Any suggestions on debugging this would be appreciated.<br class=""><br class=""></div>Thanks<br class=""></div>Luke<br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, May 11, 2017 at 5:12 PM, Luke Wahlmeier <span dir="ltr" class=""><<a href="mailto:lwahlmeier@gmail.com" target="_blank" class="">lwahlmeier@gmail.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="">Its just in our isolated lab, pretty normal dell xeon server running Jessie 8.6. I just want to get it building on the same box I am testing with so setting that all up.<br class=""><br class=""></div>I was able to reproduce it w/o DTLS/Srtp. here is a much simpler and cleaned up version of the python script.<br class=""><br class=""><br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="h5">On Thu, May 11, 2017 at 4:34 PM, Michael Jerris <span dir="ltr" class=""><<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>></span> wrote:<br class=""></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><div class="h5"><div style="word-wrap:break-word" class="">what is “this environment” ?<div class=""><div class="m_2675276587231758968h5"><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On May 11, 2017, at 6:31 PM, Luke Wahlmeier <<a href="mailto:lwahlmeier@gmail.com" target="_blank" class="">lwahlmeier@gmail.com</a>> wrote:</div><br class="m_2675276587231758968m_-9144194180052449967Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class=""><div class="">Yeah I can usually get it to happen within about 5 minutes or so of testing. Still getting all setup to build freeswitch in this environment, but I should have it working by tomorrow. I will try more w/o dtls/srtp as well and make sure it does not need to be on.<br class=""><br class=""></div>Thanks<br class=""></div>Luke<br class=""></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Thu, May 11, 2017 at 4:20 PM, Michael Jerris <span dir="ltr" class=""><<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">if you can reproduce this reliably, i’d try master as well. Unless this is a bug in openssl, i can’t imagine how dtls would come into play in something like this.<br class="">
<span class=""><br class="">
> On May 11, 2017, at 5:48 PM, Luke Wahlmeier <<a href="mailto:lwahlmeier@gmail.com" target="_blank" class="">lwahlmeier@gmail.com</a>> wrote:<br class="">
><br class="">
> I keep semi-regularly running into issues using the wss transport when using dtls/strp/ice. This is on the latest 1.6.17~34~0fc0946 on Debian jessie, but I am pretty sure it was happening on the last couple releases as well.<br class="">
><br class="">
> It seems like something bad/wrong happens to the encrypted data going over the websocket coming from freeswitch when more then 1 websocket connection are going and so far ice/srtp/dtls also seem to be needed in the invite to duplicate it.<br class="">
><br class="">
> I have tried many different languages and network/ssl stacks and keep running into this. It is always on data coming in from freeswitch on the websocket connection, and its very very random. Sometimes I will get it 20 times in a row, other times it takes thousands of connections/sessions before it happen. It also, obviously, completely goes away if I use plain ws instead wss.<br class="">
><br class="">
> Here are the errors:<br class="">
> python:<br class="">
> SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_RECOR<wbr class="">D_MAC] decryption failed or bad record mac (_ssl.c:1750)<br class="">
> c/c++ (stunnel4):<br class="">
> SSL_read: 1408F119: error:1408F119:SSL routines:SSL3_GET_RECORD:decry<wbr class="">ption failed or bad record mac<br class="">
> Java:<br class="">
> java.lang.IllegalArgumentExcep<wbr class="">tion: Bad arguments<br class="">
> at javax.crypto.Mac.update(Mac.ja<wbr class="">va:509)<br class="">
> at sun.security.ssl.MAC.compute(M<wbr class="">AC.java:135)<br class="">
> at sun.security.ssl.InputRecord.c<wbr class="">heckMacTags(InputRecord.java:2<wbr class="">65)<br class="">
> at sun.security.ssl.InputRecord.d<wbr class="">ecrypt(InputRecord.java:216)<br class="">
> at sun.security.ssl.EngineInputRe<wbr class="">cord.decrypt(EngineInputRecord<wbr class="">.java:177)<br class="">
> at sun.security.ssl.SSLEngineImpl<wbr class="">.readRecord(SSLEngineImpl.java<wbr class="">:974)<br class="">
> at sun.security.ssl.SSLEngineImpl<wbr class="">.readNetRecord(SSLEngineImpl.j<wbr class="">ava:907)<br class="">
> at sun.security.ssl.SSLEngineImpl<wbr class="">.unwrap(SSLEngineImpl.java:781<wbr class="">)<br class="">
> at javax.net.ssl.SSLEngine.unwrap<wbr class="">(SSLEngine.java:624)<br class="">
><br class="">
> Attached are a simple python script to do the load, my dialplan and sip_profile. The python script can take a few runs before it see the error, and I know its not completing the sip or rtp, but even if it does this still happens.<br class="">
><br class="">
> I have also looked at libsofia-sip-ua/tport/ws.c and I dont see anything obvious. I am getting setup to build v1.6 head and test this any guidance on ways I can trouble shoot this better or requests for more info are very welcome.<br class="">
><br class=""></span></blockquote></div></div></div></blockquote></div><br class=""></div></div></div></div><br class=""></div></div><span class="">______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions<wbr class="">.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.o<wbr class="">rg</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswi<wbr class="">tch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/ma<wbr class="">ilman/listinfo/freeswitch-user<wbr class="">s</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.frees<wbr class="">witch.org/mailman/options/<wbr class="">freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></span></blockquote></div><br class=""></div>
</blockquote></div><br class=""></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></div></body></html>