Chrome 52 DTLS handshake issue


Nitesh Bansal

Jun 10, 2016, 9:01:27 AM
to discuss-webrtc
Hello,

My Asterisk box has stopped working with WebRTC since I upgraded to Chrome 52 beta.
It seems that the issue is related to https://monorail-prod.appspot.com/p/webrtc/issues/detail?id=5863

A bit of googling suggests that I can fix it by upgrading the openssl version, and indeed the openssl upgrade works.

I'm wondering if there is any workaround in openssl to get it working with older versions. I understand that
it is related to the ECDSA cipher and missing elliptic curve extensions; I'm by no means an openssl expert.

Is there a method which could allow me to either add the desired extension or not advertise the ECDSA cipher?

Thanks,
Nitesh

Lorenzo Miniero

Jun 10, 2016, 9:11:02 AM
to discuss-webrtc
AFAIK older versions of OpenSSL don't support that at all, hence the failure unless you upgrade.
I think the only way to get it working there is to disable ECDSA in chrome://flags/

L.

Nitesh Bansal

Jun 10, 2016, 9:18:25 AM
to discuss-webrtc
Hi Lorenzo,

I tried disabling the flag in Chrome and it works, but I'm really in need of a workaround
for old versions of openssl; it is really a big project to upgrade openssl versions on our Asterisk
boxes.

Nitesh

Christoffer Jansson

Jun 10, 2016, 11:18:01 AM
to discuss-webrtc
Hi,

You can use the peerConnection.generateCertificate() method and generate certificates of your own choosing; we do that in AppRTC. Not entirely sure which RSA types are supported, but there is at least one example here.

Maybe that can help?

/Chris
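
The certificate approach suggested above, as an added example that is not part of the original post or of AppRTC: it asks the browser for an RSA DTLS certificate through the static `RTCPeerConnection.generateCertificate()` and reuses it until it expires. The function names, the 2048-bit key size and the injectable `PC` parameter are assumptions of this example.

```javascript
// Added example: pin an RSA DTLS certificate instead of the browser default.
// Function names and key size are assumptions, not taken from the thread.

// WebCrypto-style algorithm description for an RSA signing key.
const RSA_CERT_PARAMS = {
  name: 'RSASSA-PKCS1-v1_5',
  modulusLength: 2048,
  publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 65537
  hash: 'SHA-256',
};

let cachedCert = null; // RSA key generation is slow, so reuse the certificate

// Returns a cached RTCCertificate, generating a new one when none exists
// or the cached one has expired (expires is a millisecond timestamp).
async function getRsaCertificate(PC, now = Date.now()) {
  if (!PC || typeof PC.generateCertificate !== 'function') {
    throw new Error('RTCPeerConnection.generateCertificate is not available');
  }
  if (!cachedCert || cachedCert.expires <= now) {
    cachedCert = await PC.generateCertificate(RSA_CERT_PARAMS);
  }
  return cachedCert;
}

// Builds a peer connection that presents the RSA certificate in DTLS.
// PC defaults to the browser's RTCPeerConnection; it is a parameter so the
// function can be exercised with a stand-in outside a browser.
async function createRsaPeerConnection(config = {}, PC = globalThis.RTCPeerConnection) {
  const cert = await getRsaCertificate(PC);
  // The certificate list can only be supplied at construction time.
  return new PC({ ...config, certificates: [cert] });
}
```

In a page, `createRsaPeerConnection(config)` takes the place of `new RTCPeerConnection(config)`; the offer it produces carries the fingerprint of the RSA certificate.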




Jeremy Noring

Jun 12, 2016, 12:11:39 AM
to discuss-webrtc
Same issue in Licode; so far an update to OpenSSL has resolved the issue. I think your best bet is getting an update to Asterisk.

Jose Antonio Santos Cadenas

Jun 13, 2016, 3:15:08 AM
to discuss-webrtc

Can you specify what version of openssl is working correctly and what has issues, please?

Thank you.



Nitesh Bansal

Jun 13, 2016, 5:20:15 AM
to discuss-webrtc
Hi,

The issue is present in openssl version 1.0.1e; I upgraded to openssl 1.0.1g and it works fine.



Jose Antonio Santos Cadenas

Jun 13, 2016, 5:25:10 AM
to discuss-webrtc
Thanks!


Nitesh Bansal

Jun 13, 2016, 5:42:02 AM
to discuss-webrtc
Hi Christoffer,

I think I could use the javascript trick to disable ECDSA?

Could you advise me if this fix will work in the long term? Just wondering if Chrome has plans to switch to ECDSA only in the future.

Nitesh



Lorenzo Miniero

Jun 13, 2016, 6:05:33 AM
to discuss-webrtc
It's not just Chrome, it's going to be mandated in the security architecture draft:

L.

Amit Singh

Jul 23, 2016, 4:54:32 PM
to discuss-webrtc
Hi,
I am also facing the same problem with the recent release of the Chrome 52 stable channel. In Asterisk, DTLS is failing. If I am working on CentOS 6.5 with OpenSSL version 1.0.1e, then everything is working fine, but if I am using that on CentOS 5.10 with openssl 1.0.1g or 1.0.1e, it's not working. I have seen the Client Hello packet in Wireshark; in the working case, Elliptic curve and ec point formats are present. Maybe this is the issue. I have tried changing the openssl version but it's not working. Can anyone suggest anything so that it can work on CentOS 5.10?

Thanks,
Amit Singh

jeff...@vcomsolucoes.com.br

Aug 22, 2016, 2:22:22 PM
to discuss-webrtc
Victory!
Friends, I am using Ubuntu 14 and decided to install Debian 8 because the openssl is updated (1.0.1t).
And solved!
Compile Asterisk with (./configure --with-pjproject-bundled)
Chrome 52 works!
Sorry for my English, rs.