[Freeswitch-users] ciphers not available for verto wss (neither wss on sip profile)

GM phy servtelar at gmail.com
Thu Oct 26 02:32:26 UTC 2017


Hello, I'm having this issue and by now I have found no way to figure it out.

Enabling TLS on internal, if I exec

openssl s_client -connect 10.10.10.9:5061 -tls1_2

The connection is established and the server returns my certificate and this
information:

--
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
...
--

When I run the same command for port 7443 (the wss binding on the internal
profile) or port 8082 (verto wss) I get (same in both cases)

--
New, TLSv1/SSLv3, Cipher is ECDH-RSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDH-RSA-AES256-GCM-SHA384
...
--

As a result, all of the WebRTC phones we're using (some with sipjs,
some with verto) are unable to establish the wss socket in order to
register and make calls. In the browser console I get Protocol mismatch,
and in a pcap, the server rejects the SSL handshake with code 40.

I've been working with the code in mod_verto.c and ws.c with no luck.
Basically, what I'm looking for is for verto and/or wss on the internal profile
to support the cipher ECDHE-ECDSA-AES256-GCM-SHA384 (or ECDHE-ECDSA) so
that WebRTC can connect to FS.

Any help will be really appreciated.

Thanks in advance
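
The s_client summaries quoted above differ only in the negotiated suite, so the per-port comparison can be scripted. The following Python is an added example, not part of the original post or of FreeSWITCH: it parses the SSL-Session block and labels each suite's key exchange by OpenSSL's naming (ECDHE is ephemeral, ECDH is fixed/static). The sample text is constructed from the output quoted in the post, and `sample`, `parse_session`, `key_exchange` and `audit` are names chosen for this example.

```python
import re

def sample(cipher):
    # Constructed input: the s_client summary lines quoted in the post.
    return ("New, TLSv1/SSLv3, Cipher is %s\nSSL-Session:\n"
            "    Protocol  : TLSv1.2\n    Cipher    : %s\n" % (cipher, cipher))

# Port -> captured summary (ports and suites as reported in the post).
SAMPLES = {
    5061: sample("ECDHE-ECDSA-AES256-GCM-SHA384"),
    7443: sample("ECDH-RSA-AES256-GCM-SHA384"),
    8082: sample("ECDH-RSA-AES256-GCM-SHA384"),
}

def parse_session(text):
    """Return (protocol, cipher) from the SSL-Session block; cipher is None
    when s_client reports no negotiated suite (failed handshake)."""
    fields = dict(re.findall(r"^\s+(Protocol|Cipher)\s*:\s*(\S+)", text, re.M))
    cipher = fields.get("Cipher")
    if cipher in (None, "0000", "(NONE)"):
        cipher = None
    return fields.get("Protocol"), cipher

def key_exchange(cipher):
    """Classify an OpenSSL-style TLS 1.2 suite name by its leading token."""
    kx = cipher.split("-")[0]
    if kx in ("ECDHE", "DHE", "EDH"):
        return "ephemeral"
    if kx in ("ECDH", "DH"):
        return "static"
    return "rsa-or-other"

def audit(samples, wanted_prefix="ECDHE-ECDSA"):
    """Map port -> (cipher, key-exchange class, matches wanted_prefix)."""
    report = {}
    for port, text in samples.items():
        _, cipher = parse_session(text)
        if cipher is None:
            report[port] = (None, "no-handshake", False)
        else:
            report[port] = (cipher, key_exchange(cipher),
                            cipher.startswith(wanted_prefix))
    return report

if __name__ == "__main__":
    for port, row in sorted(audit(SAMPLES).items()):
        print(port, *row)
```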