Closed Bug 948683 Opened 6 years ago Closed 5 years ago

DTLS-SRTP SHA-128 Support for Asterisk


(Core :: WebRTC: Networking, defect)

26 Branch
Windows 8.1
Not set





(Reporter: jideliov, Unassigned)



User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.41 Safari/537.36

Steps to reproduce:

Trying to make a WebRTC call via the web browser using Asterisk 11+SIPML5+Firefox

Firefox requires the connection to be set via DTLS-SRTP, for which we had to generate certificates via OpenSSL

Actual results:

[Nov 25 15:05:50] WARNING[5628][C-0000005c]: chan_sip.c:11034 process_sdp_a_dtls: Unsupported fingerprint hash type 'sha-2' received on dialog '38f43a1f-15cd-ad69-c2b3-72c21b9de5fd'

The call would not go through because of the removed support for SHA-128 in Firefox

Expected results:

Web call should have gone through. Firefox should have tried to negotiate the key by falling back to SHA-1 in cases where SHA-2 is not supported.
WebRTC or security:PSM is the question here...
Component: Untriaged → WebRTC: Networking
Product: Firefox → Core
On first look, this seems like something that Asterisk should be fixing.

That said, there is a case to be made for lower collision resistance in our WebRTC certificate usages, because we only use those certificates for a very short time.  The risk there is that we would have to reduce the strength of certificates universally, which I'm reluctant to do.
Martin -- Is this something we should fix or is this a WONTFIX?
Flags: needinfo?(martin.thomson)
Closed: 5 years ago
Flags: needinfo?(martin.thomson)
Resolution: --- → WONTFIX
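
The failure in the report, as an added example that is not part of the bug thread and is not Asterisk or Firefox code: a receiver that accepts only `sha-1` in the SDP `a=fingerprint` attribute (RFC 4572) cannot evaluate a `sha-256` offer, while a receiver that also accepts `sha-256` verifies the same certificate. The function names, the SDP fragment and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# SDP hash-func tokens (RFC 4572) mapped to hashlib names; md5 and md2 are left out on purpose.
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def parse_fingerprints(sdp):
    """Return [(hash_func, digest_bytes)] for every a=fingerprint line."""
    out = []
    for line in sdp.splitlines():
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2:
            raise ValueError("malformed fingerprint attribute")
        func, hexpairs = parts
        out.append((func.lower(), bytes.fromhex(hexpairs.replace(":", ""))))
    return out

def check_peer(sdp, cert_der, supported):
    """Classify the offer as 'match', 'mismatch' or 'unsupported'."""
    status = "unsupported"
    for func, digest in parse_fingerprints(sdp):
        if func not in supported or func not in HASHES:
            continue  # hash the receiver cannot evaluate, as in the warning quoted in the report
        actual = hashlib.new(HASHES[func], cert_der).digest()
        if hmac.compare_digest(actual, digest):
            return "match"
        status = "mismatch"
    return status

def make_offer(cert_der, func):
    """Build a constructed SDP fragment carrying one fingerprint of cert_der."""
    hexd = hashlib.new(HASHES[func], cert_der).hexdigest().upper()
    pairs = ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))
    return ("m=audio 9 RTP/SAVPF 0\r\na=setup:actpass\r\n"
            "a=fingerprint:%s %s\r\n" % (func, pairs))

# Constructed stand-in for a DER-encoded certificate; only its bytes are hashed.
CERT = b"constructed-certificate-bytes"
OFFER = make_offer(CERT, "sha-256")
```

An `unsupported` result means the receiver had no way to check the certificate at all, which is distinct from a `mismatch`, where the hash was understood and the certificate did not correspond to it.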