Summary: | ASTERISK-26130: [patch] WebRTC: Should use latest DTLS version. | ||
Reporter: | Alexander Traud (traud) | Labels: | |
Date Opened: | 2016-06-21 07:10:30 | Date Closed: | 2016-06-21 19:06:55 |
Priority: | Minor | Regression? | |
Status: | Closed/Complete | Components: | Resources/res_rtp_asterisk |
Versions: | 11.22.0 13.9.1 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ||
Description: | Asterisk uses OpenSSL als crypto library. Currently for DTLS, the first version (based on TLS 1.1) is used -- always. DTLS 1.0 is used even if the installed OpenSSL supports newer DTLS versions. For example since OpenSSL 1.0.2 -- included in Ubuntu 16.04 LTS -- DTLS 1.2 is supported.
DTLS 1.2 is used by Mozilla Firefox for WebRTC ([DTLS-SRTP|https://tools.ietf.org/html/rfc5764] via [SIP-over-Secure-WebSockets|https://tools.ietf.org/html/rfc7118]). Furthermore, DTLS 1.2 is required for AEAD-based cipher-suites like {{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}} and/or {{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}. | ||
Comments: |