[Freeswitch-users] WebRTC using rtp_sdes_suites=AES_CM_128_HMAC_SHA1_80
Mirko Brankovic
mirkobrankovic at gmail.com
Wed May 9 18:21:27 UTC 2018
Hi,
I had a same problem.
Was debugging a different handshake problem, and wanted to try other
chipers, but failed.
Looks like the setting is not applied at all, and would be nice to use
cheeper (network wise) encroption
On Wed, May 9, 2018, 00:52 Aqs Younas <aqsyounas at gmail.com> wrote:
> I would also be interested to know if you make this work.
>
> Best Regards,
>
> Aqs Younas
>
> On 8 May 2018 at 22:11, Jerry Chinn <JHChinn at thenavisway.com> wrote:
>
>> Good Day,
>>
>> Running FS 1.6.17 on CentOS 7.4
>>
>>
>>
>> We are running WebRTC and are required to use AEAD_AES_256_GCM_8 or
>> AEAD_AES_128_GCM_8 for security.
>>
>> I have eliminated all of the options in the vars file except
>> rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8.
>>
>>
>>
>> Calls are successfully completing, however, in debug we are seeing
>> AES_CM_128_HMAC_SHA1_80 as the sdes suite for srtp:dtls.
>>
>>
>>
>> 2018-05-04 22:38:30.429310 [INFO] switch_rtp.c:3185 Changing audio DTLS
>> state from HANDSHAKE to SETUP
>>
>> 2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3094 audio Fingerprint
>> Verified.
>>
>> 2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3908 Activating audio
>> Secure RTP SEND
>>
>> 2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type:
>> srtp:dtls:AES_CM_128_HMAC_SHA1_80
>>
>> 2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3886 Activating audio
>> Secure RTP RECV
>>
>> 2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3134 Changing audio DTLS
>> state from SETUP to READY
>>
>> 2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type:
>> srtp:dtls:AES_CM_128_HMAC_SHA1_80
>>
>> 2018-05-04 22:38:30.450549 [DEBUG] switch_rtp.c:1885 rtcp_stats_init:
>> audio ssrc[3910337773] base_seq[2433]
>>
>>
>>
>> Any ideas on how or where to change this to the desired encryption
>> protocol?
>>
>>
>>
>> Jerry Chinn
>>
>> Telecom VoIP Specialist
>>
>> .
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180509/785f8fb5/attachment.html>
More information about the FreeSWITCH-users
mailing list