Sip.js breaks on Chrome 52 when connecting to FreeSwitch

[lylepratt]

It appears that this is due to Chrome defaulting to ECDSA for dtla now:
https://developers.google.com/web/updates/2016/06/webrtc-ecdsa

It looks like other certs are still supported but you have to request them specifically. Is there any way to do that with sip.js?

[lylepratt]

*DTLS

[etamme]

this is an openssl/freeswitch problem related to chrome using elliptic curve certs by default now.  upgrade openssl and retest.

-eric

On Aug 1, 2016, 5:08 PM, at 5:08 PM, Lyle Pratt notifications@github.com wrote:

*DTLS

---

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#344 (comment)

[lylepratt]

@etamme yep. Sorry for the false alarm. Definitely an issue with Ubuntu 14.04. However, it appears that there is a way to define what algorithm to use in Webrtc. Seems like it would be useful for SIP.js to expose that?

[klarrimore]

@lylepratt I made a hack until we got the freeswitch server updates applied. It looked something like this. It's terrible but worked on 0.7.2 and could be something to start from.

initPeerConnectionCertificateHack: function() {
  var rtcpc = window.webkitRTCPeerConnection || window.mozRTCPeerConnection || window.RTCPeerConnection;
  rtcpc.generateCertificate({
    name: "RSASSA-PKCS1-v1_5",
    modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]),
    hash: "SHA-256"
  }).then(function(certficate) {
    SIP.Hacks.AllBrowsers.rtcPeerConnectionCertificates = [certficate];
  });
}

Then added this to MediaHandler.js

this.peerConnection = new SIP.WebRTC.RTCPeerConnection({'iceServers': servers, 'certificates': SIP.Hacks.AllBrowsers.rtcPeerConnectionCertificates}, self.RTCConstraints);

[james-criscuolo]

Here's the announcement article: https://developers.google.com/web/updates/2016/06/webrtc-ecdsa

If this were to be implemented, it would be done via ua configuration parameter, with the above code conditioned behind it. I recommend upgrading, as it sounds like up to a second can be saved in call setup time, but we can definitely put this together at some point, or accept a PR if it happens sooner.

[haibui-htk]

Hi all,

I had the same problem and solved it.
The freeswitch need to be updated new libssl-dev version > 1.0.1g (I use
1.0.1t).
After upgrade libssl-dev, we need to build freeswitch again.

Regards,
Hai Bui

On Tue, Aug 2, 2016 at 8:58 PM, James Criscuolo notifications@github.com
wrote:

Here's the announcement article:
https://developers.google.com/web/updates/2016/06/webrtc-ecdsa

If this were to be implemented, it would be done via ua configuration
parameter, with the above code conditioned behind it. I recommend
upgrading, as it sounds like up to a second can be saved in call setup
time, but we can definitely put this together at some point, or accept a PR
if it happens sooner.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#344 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/ANoM5IeRtH7ubLPwZdWDyTcHuu4RO1zDks5qb1QSgaJpZM4JaFYS
.

Hai Bui
VoIP engineer, Cvoice team, HTK-HCM Office
Mobile: +84-165-618-9876

[lylepratt]

Thanks for the tips guys. Our FreeSWITCH docker container was basing from Ubuntu 14.04. We've updated it to base from 16.04 and all is well now.

[egreenmachine]

As a note, we were able to upgrade our version of openssl and not rebuild freeswitch. A simple restart of freeswitch after updating openssl solved the issue, YMMV. Our version of openssl on Centos 6 is 1.0.1e-42.

Updating to the newest version of openssl is definitely recommended.

[aaker]

We also had this issue on a non freeswitch implementation and a upgrade of openssl and restart of the process fixed it. For ubuntu 14 though we had to use 1.0.2g version through a new repo added in /etc/apt/sources.list as the latest available version didn't fix it for us. Details below from a ubuntu link. http://packages.ubuntu.com/xenial/amd64/openssl/download