
List:       asterisk-dev
Subject:    Re: [asterisk-dev] Asterisk 11; WEBRTC firefox nightly build fingeprint sha-256
From:       Matthew Jordan <mjordan () digium ! com>
Date:       2013-02-22 21:09:10
Message-ID: 5127DE76.4050307 () digium ! com

On 02/22/2013 10:40 AM, Mitja Kaučič wrote:
> Hello Joshua and Matthew.
> 
> I would be happy to contribute with a patch.
> I just need the following info:
> 1. With which client can I test the current implementation of DTLS-SRTP on
> asterisk?

They're rather hard to find.

When Josh wrote DTLS-SRTP support for Asterisk, we did a fairly
exhaustive search looking for clients that (a) supported DTLS-SRTP and
(b) could be pointed at Asterisk. At the time, no clients met both
criteria. Those that did support DTLS-SRTP were working hard on creating
closed networks that did not allow another B2BUA to participate.

We tested it by pointing two Asterisk instances at each other and
running Wireshark. And staring at a lot of pcaps.

That situation may have changed.

> 2. To configure DTLS-SRTP properly, is it enough to just set dtlsenable=yes, or
> do I need dtlsverify and to set dtls certificates for a basic functionality?

You need a bit more than that. You'll need:
1) The correct version of OpenSSL that supports DTLS installed and
Asterisk built using it
2) CA and cert files generated that will be used by the RTP engine
3) Properly configured endpoints. For a test run of Asterisk <->
Asterisk, the configuration of one instance of Asterisk looked something
like this:

[peer-template](!)
directmedia = no
disallow = all
allow = g722
allow = gsm
allow = ulaw

[dtls-template](!,peer-template)
encryption = yes
dtlsenable = yes
dtlsverify = yes
dtlsrekey = 60
dtlscafile = /etc/asterisk/ca.crt
dtlscertfile = /etc/asterisk/asterisk01.pem
dtlssetup = actpass

[asterisk-01](dtls-template)
type = peer
secret = asterisk-01
host = x.x.x.x
context = from-asterisk-01
insecure = invite

-- 
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
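
Added example, not part of the original message and not Asterisk code: a small Python check that resolves the template inheritance used in the configuration above ([name](!) and [name](!,parent)) and reports peers whose effective DTLS settings are incomplete. The rules it applies (a certificate file when dtlsenable=yes, a CA file when dtlsverify=yes) are this example's reading of the requirements listed in the message, and repeated keys such as allow collapse to the last value, which does not affect the single-valued DTLS options.

```python
import re
# Constructed sample: the DTLS-related lines of the configuration quoted above.
SAMPLE = """
[peer-template](!)
directmedia = no
[dtls-template](!,peer-template)
dtlsenable = yes
dtlsverify = yes
dtlscafile = /etc/asterisk/ca.crt
dtlscertfile = /etc/asterisk/asterisk01.pem
[asterisk-01](dtls-template)
type = peer
"""
HEADER = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?$")

def parse(text):
    """Return {section: (is_template, parents, [(key, value), ...])}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = HEADER.match(line)
        if m:
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            current = sections[m.group(1)] = ("!" in opts, [o for o in opts if o != "!"], [])
        elif current and "=" in line:
            key, value = line.split("=", 1)
            current[2].append((key.strip().lower(), value.strip()))
    return sections

def effective(sections, name):
    """Flatten a section: parents first, so the section's own lines win."""
    merged = {}
    for parent in sections[name][1]:
        merged.update(effective(sections, parent))
    merged.update(sections[name][2])
    return merged

def dtls_findings(sections):
    """Return (peer, problem) pairs; the checks are this example's own rules."""
    findings = []
    for name in (n for n, s in sections.items() if not s[0]):
        cfg = effective(sections, name)
        if cfg.get("dtlsenable") != "yes":
            findings.append((name, "dtlsenable is not yes"))
        elif not cfg.get("dtlscertfile"):
            findings.append((name, "dtlsenable=yes without dtlscertfile"))
        elif cfg.get("dtlsverify") == "yes" and not cfg.get("dtlscafile"):
            findings.append((name, "dtlsverify=yes without dtlscafile"))
    return findings
```

Calling dtls_findings(parse(SAMPLE)) returns an empty list for the sample; templates themselves are skipped because only the peers that inherit from them are checked.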


