<div dir="ltr">It's already there, unless your version of OpenSSL doesn't have DTLS v1.2, Its wrapped in an ifdef HAVE_OPENSSL_DTLSv1_2_method<div><br></div><div>/b</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 19, 2020 at 4:56 AM Valli A. Vallimamod <<a href="mailto:vma@vallimamod.org">vma@vallimamod.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
As you look familiar with the source code, you may add <br>
<br>
SSL_CTX_set_min_proto_version(dtls->ssl_ctx, DTLS1_2_VERSION);<br>
<br>
as a quick hack in switch_rtp.c around where DTLS_server_method() / DTLS_client_method() are called.<br>
<br>
But it looks like a bug, you should create an issue on github.<br>
<br>
<br>
<br>
Best Regards,<br>
-- <br>
Valli A. Vallimamod<br>
SIP Solutions<br>
vma@sip.solutions<br>
<a href="http://linkedin.com/in/vallimamod" rel="noreferrer" target="_blank">linkedin.com/in/vallimamod</a><br>
.<br>
<br>
<br>
> On 12 May 2020, at 19:43, François-Xavier Geneste <<a href="mailto:fx.geneste@telemaque.fr" target="_blank">fx.geneste@telemaque.fr</a>> wrote:<br>
> <br>
> Hello guys,<br>
> <br>
> I'm facing a big trouble for several hours ago and need help.... I'm using Freeswitch v1.10.2 with webRTC successfully installed and running. On the user/webphone side, I'm using Chrome 81.0.4044.138. Incoming and outgoing calls works fine with my webphone stack on my browsers (Firefox, Chrome). No warnings or errors at both sides.<br>
> <br>
> But when I do the following scenario with a webphone that can manage several calls at the same time (multi-line feature), it does not work :<br>
> <br>
> • make a first call routed to a webrtc extension, answer it and keep it connected<br>
> • make a second call routed to the same extension, do not answer and keep the first call connected<br>
> • make a third call routed to the same extension and hold the first line to accept this new call=> when I try to answer this 3rd call, the call is always dropped<br>
> After digging into logs, and packets captured with wireshark, I found that when the freeswitch try to exchange with the browser to negociate SRTP flow for the 3rd call, it use DTLS v1.0 protocol (instead of v1.2) :<br>
> <br>
> <lnancehjiedpjici.png><br>
> <br>
> Unfortunately, support for DTLS v1.0 seems to have been dropped on my webphone/browser side and the freeswitch fail on last DTLS exchange with this logs :<br>
> <br>
> [INFO] switch_rtp.c:3736 Activate RTP/RTCP audio DTLS client<br>
> [INFO] switch_rtp.c:3903 Changing audio DTLS state from OFF to HANDSHAKE<br>
> [...]<br>
> [ERR] switch_rtp.c:3266 audio Handshake failure 1. This may happen when you use legacy DTLS v1.0 (legacyDTLS channel var is set) but endpoint requires DTLS v1.2.<br>
> <br>
> <br>
> On freeswitch side, I found only one option linked to the DTLS version (legacyDTLS, as written in logs) which I never set in my config. I checked my open ssl version on the freeswitch server (1.1.1d).<br>
> <br>
> The thing that is disturbing to me is that if I hold the first call and answer the second call, it works well. The issue occurs only for the third call and after a missed/refused call while still connected with first call in parallel.<br>
> <br>
> Digging into freeswitch source, I found that it seems to use version-flexible DTLS methods of openssl (DTLS_server_method() and DTLS_client_method()) and I cannot see how to quicly and simply always force DTLS v1.2 ?<br>
> <br>
> Have any of you ever had this kind of problem or know how to solve it ?<br>
> <br>
> Regards,<br>
> <br>
> FX<br>
> <br>
> _________________________________________________________________________<br>
> <br>
> The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
> Build your next product on our scalable cloud platform.<br>
> <br>
> Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
> <br>
> Professional FreeSWITCH Services<br>
> <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
> <a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
> <br>
> Official FreeSWITCH Sites<br>
> <a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
> <a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
> <a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
> <br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
<br>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><font color="#000000"><br></font></div><div style="font-size:12.8px"><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Brian West | Co-founder and Developer</font></span></p><p style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Need Commercial support? email <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">FreeSWITCH Solutions | <a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" style="color:rgb(17,85,204)" target="_blank">17345 Civic Drive #2531 Brookfield, WI 53045</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="color:rgb(17,85,204);font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Mobile: <span title="Call with Google Voice">918-424-9378</span></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Website: </span><a href="https://www.freeswitch.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">https://www.FreeSWITCH.com</span></a></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="background-color:transparent;font-size:9pt;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://www.facebook.com/freeswitch" target="_blank"><img alt="https://www.facebook.com/signalwireinc?src=email" src="https://lh6.googleusercontent.com/AYfRoSNaDNtMPRMevPn_GqcVEMd5NDRFi0GlluGUWzV6I5TAY_3T2-Tt0IuIXeUtEdYsgNsM8DOYKRKhjmrG_-n2Ga-LCnoNk46sO8VyEma1sBFYdiGJcLRUvkrD1CYHN79qimeg" width="31" height="31" style="border: none;"></a> </span><span style="background-color:transparent;font-size:9pt;font-family:Tahoma;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://twitter.com/freeswitch" target="_blank"><img alt="https://twitter.com/freeswitch" src="https://lh3.googleusercontent.com/W4SqXyybH2qdAozvtoKjcz736qOjk9LHDwldvs1ahc-WVU0putVMSsUH474KDrJ32jsqi6JDjyUWxqeEkN5I1xSlC5ShYrd1b8NIMUkDzDrtbWQfa6A_90UcygqesBtRLgeFirKa" width="31" height="31" style="border: none;"></a></span><br></p></div></div></div></div></div></div></div></div></div></div></div></div></div>