
<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">on DTLS this setting is currently a no-op and the suites it uses are hard coded.<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On May 9, 2018, at 2:21 PM, Mirko Brankovic <<a href="mailto:mirkobrankovic@gmail.com" class="">mirkobrankovic@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="auto" class="">Hi,<div dir="auto" class="">I had a same problem.</div><div dir="auto" class="">Was debugging a different handshake problem, and wanted to try other chipers, but failed.</div><div dir="auto" class="">Looks like the setting is not applied at all, and would be nice to use cheeper (network wise) encroption</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Wed, May 9, 2018, 00:52 Aqs Younas <<a href="mailto:aqsyounas@gmail.com" class="">aqsyounas@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">I would also be interested to know if you make this work. <div class=""><br class=""></div><div class="">Best Regards, </div><div class=""><br class=""></div><div class="">Aqs Younas</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On 8 May 2018 at 22:11, Jerry Chinn <span dir="ltr" class=""><<a href="mailto:JHChinn@thenavisway.com" target="_blank" rel="noreferrer" class="">JHChinn@thenavisway.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div lang="EN-US" link="blue" vlink="purple" class="">

<div class="m_-105307582982123698m_6734958458991237101WordSection1"><p class="MsoNormal">Good Day,<u class=""></u><u class=""></u></p><p class="MsoNormal">Running FS 1.6.17 on CentOS 7.4<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">We are running WebRTC and are required to use AEAD_AES_256_GCM_8 or AEAD_AES_128_GCM_8 for security.<u class=""></u><u class=""></u></p><p class="MsoNormal">I have eliminated all of the options in the vars file except rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8.<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Calls are successfully completing, however, in debug we are seeing AES_CM_128_HMAC_SHA1_80 as the sdes suite for srtp:dtls.<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.429310 [INFO] switch_rtp.c:3185 Changing audio DTLS state from HANDSHAKE to SETUP<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3094 audio Fingerprint Verified.<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3908 Activating audio Secure RTP SEND<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type: srtp:dtls:AES_CM_128_HMAC_SHA1_80<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3886 Activating audio Secure RTP RECV<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3134 Changing audio DTLS state from SETUP to READY<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type: srtp:dtls:AES_CM_128_HMAC_SHA1_80<u class=""></u><u class=""></u></p><p class="MsoNormal">2018-05-04 22:38:30.450549 [DEBUG] switch_rtp.c:1885 rtcp_stats_init: audio ssrc[3910337773] base_seq[2433]<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Any ideas on how or where to change this to the desired encryption protocol?<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Jerry Chinn<u class=""></u><u class=""></u></p><p class="MsoNormal">Telecom VoIP Specialist<u class=""></u><u class=""></u></p><p class="MsoNormal">.<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p>

</div>

</div>


<br class="">_________________________________________________________________________<br class="">

Professional FreeSWITCH Consulting Services:<br class="">

<a href="mailto:consulting@freeswitch.org" target="_blank" rel="noreferrer" class="">consulting@freeswitch.org</a><br class="">

<a href="http://www.freeswitchsolutions.com/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">

<br class="">

Official FreeSWITCH Sites<br class="">

<a href="http://www.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">

<a href="http://confluence.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">

<a href="http://www.cluecon.com/" rel="noreferrer noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">

<br class="">

FreeSWITCH-users mailing list<br class="">

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" rel="noreferrer" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">

<a href="http://www.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""></blockquote></div><br class=""></div>

_________________________________________________________________________<br class="">

Professional FreeSWITCH Consulting Services:<br class="">

<a href="mailto:consulting@freeswitch.org" target="_blank" rel="noreferrer" class="">consulting@freeswitch.org</a><br class="">

<a href="http://www.freeswitchsolutions.com/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class="">

<br class="">

Official FreeSWITCH Sites<br class="">

<a href="http://www.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">

<a href="http://confluence.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class="">

<a href="http://www.cluecon.com/" rel="noreferrer noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">

<br class="">

FreeSWITCH-users mailing list<br class="">

<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" rel="noreferrer" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class="">

<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">

UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="">

<a href="http://www.freeswitch.org/" rel="noreferrer noreferrer" target="_blank" class="">http://www.freeswitch.org</a></blockquote></div>

_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services:<br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></body></html>