Closed Bug 948683 Opened 6 years ago Closed 5 years ago
DTLS-SRTP SHA-128 Support for Asterisk
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.41 Safari/537.36 Steps to reproduce: Trying to make a WebRTC call via the web browser using Asterisk 11+SIPML5+Firefox Firefox requires the connection to be set via DTLS-SRTP, for which we had to generate certificates via OpenSSL Actual results: [Nov 25 15:05:50] WARNING[C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd' The call would not go through because of the removed support for SHA-128 in Firefox Expected results: Web call should have gone through. Firefox should have tried to negotiate the key by falling back to SHA-1 in cases where SHA-2 is not supported.
webrtc or security:PSM is the question here...
Component: Untriaged → WebRTC: Networking
Product: Firefox → Core
On first look, this seems like this is something that Asterisk should be fixing. That said, there is a case to be made for lower collision resistance in our WebRTC certificate usages, because we only use those certificates for a very short time. The risk there is that we would have to reduce the strength of certificates universally, which I'm reluctant to do.
Martin -- Is this something we should fix or is this a WONTFIX?
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.