[Home]

Summary:ASTERISK-24911: No Voice with Firefox-37 as DTLS handshake is not completing
Reporter:Ajay Choudary (AjayG)Labels:patch pjsip webrtc
Date Opened:2015-03-26 02:21:57Date Closed:2015-04-08 21:10:34
Priority:CriticalRegression?
Status:Closed/CompleteComponents:Resources/res_rtp_asterisk
Versions:11.11.0 13.2.0 Frequency of
Occurrence
Related
Issues:
Environment:CentOS 6.5 / 7Attachments:( 0) fingerprint.patch
Description:In DTLS Connect mode Firefox(37/38) is not responding for Client Hello. The same setup is working fine for Firefox Stable (<= 36) & Chrome Canary (<=43). No Error logs are observed in Asterisk. No Error Responses from Firefox. Tested with Asterisk 11 and 13. Firefox 37 (current beta channel) is going to release by 03-31-2015, as per the release calendar. So all the Asterisk WebRTC Gateways will going to effected by next couple of days with Firefox Update.

Note: When i tested with SIPml5 in Firefox-37 with (webrtc2sip+doubango) it is working fine, so issue is with Asterisk only
Comments:By: Rusty Newton (rnewton) 2015-03-26 17:34:39.011-0500

Thanks for the report and debug. However we also need protocol specific debug captured at the time of the issue. Please include the following:

* Asterisk log files generated using the instructions on the Asterisk wiki [1], with the appropriate protocol debug options enabled, e.g. 'pjsip set logger on' if the issue involves the chan_pjsip channel driver.
* Configuration information for the relevant channel driver, e.g. pjsip.conf.
* A wireshark compatible packet capture, captured at the same time as the Asterisk log output.

[1] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information



By: Rusty Newton (rnewton) 2015-03-26 17:34:58.470-0500

We require additional debug to continue with triage of your issue. Please follow the instructions on the wiki [1] for how to collect debugging information from Asterisk. For expediency, where possible, attach the debug with a '.txt' file extension so that the debug will be usable for further analysis.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information



By: Rusty Newton (rnewton) 2015-03-26 17:37:25.311-0500

Please press Send Back or Enter Feedback once you have attached the required protocol traces, Asterisk debug logs and such to the issue.

If you can, please make sure all the captures and logs correlate and get separate debug for a working call vs a failing. (old version vs new) Please follow the linked instructions precisely. Thanks!

By: Ajay Choudary (AjayG) 2015-03-27 01:29:46.828-0500

Hi Folks,

This issue is fixed by altering hash function to lower case in "a=fingerprint" SDP line.

Code changes in add_dtls_to_sdp function (chan_sip.c) :
(- Remove) ast_str_append(a_buf, 0, "a=fingerprint:%s %s\r\n", hash == AST_RTP_DTLS_HASH_SHA1 ? "SHA-1" : "SHA-256", fingerprint);
(+ Add) ast_str_append(a_buf, 0, "a=fingerprint:%s %s\r\n", hash == AST_RTP_DTLS_HASH_SHA1 ? "sha-1" : "sha-256", fingerprint);

With the above change DTLS handshake is completing successfully.
Please the release the patch ASAP. (Expected Firefox-37 release date is 31st March'15).

Reference links: https://groups.google.com/forum/#!topic/discuss-webrtc/seAJiN8Z2-Y
https://bugzilla.mozilla.org/show_bug.cgi?id=1147919.

Regards,
AjayG


By: Matt Jordan (mjordan) 2015-04-08 21:10:22.907-0500

Reading through the notes, it seems pretty clear this is a bug in Firefox. Given that, I'm going to go ahead and close this issue out as "Not a Bug" in Asterisk. I'd prefer not to patch Asterisk for this, as it could easily throw us out of compliance with some other endpoint that decides to perform case sensitive comparisons - only this time, for upper case values.

If users have to have compatibility with the faulty version of Firefox, they can make the suggested change noted above.

By: Alexander Traud (traud) 2018-06-19 06:47:30.363-0500

Even today, some DTLS-SRTP implementations face that issue. Therefore, I attached the mentioned change as file (for use in scripts). Hopefully that helps you as administrator to debug (at least) this issue more easily. If the case is the cause, do not forget to report to the author of your DTLS-SRTP implementation to handle "sha" case-insensitive.

{code}wget issues.asterisk.org/jira/secure/attachment/57605/fingerprint.patch
patch -p0 <./fingerprint.patch{code}