No Ciphers Available when attempting WSS between SipML 1.3 / 1.5 and WebRTC 2.6.0
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Attempt to register a sipML client to webrtc2sip 2.6.0 with DTLS/SRTP
enabled.
What is the expected output? What do you see instead?
Expected response is an SSL/TLS/DTLS handshake, instead dies at initial Client
Hello
What version of the product are you using? On what operating system?
Latest SVN for webrtc2sip 2.6.0, latest Doubango SVN Branch 2.0, OpenSSL 1.0.1g
(Also used 1.0.2), sipML 1.4 (working on upgrading to 1.5)
Please provide any additional information below.
We get a failure after Client HELLO in the SSL conversation, stating "no shared
ciphers" as the issue.....
Here's the debug output from SIPml:
Error: Failed to set remote offer sdp: Called with SDP without DTLS fingerprint.
We are using the latest webML5 1.4 codebase
State machine: s0000_Started_2_Ringing_X_iINVITE tsk_utils.js?svn=224:116
onSetRemoteDescriptionError tsk_utils.js?svn=224:116
Error: Failed to set remote offer sdp: Called with SDP without DTLS fingerprint.
Original issue reported on code.google.com by sherwood...@gmail.com
on 30 May 2014 at 2:52
Attachments:
GoogleCodeExporter commented
Don't know how you have captured logs from the browser but there is no useful
information in "browser.log". To get javascript logs: Right click on the
webpage -> inspect Element -> Select "console" tab.
In your report you're talking about DTLS but webrtc2sip shows that the issue is
about SSL (instead of DTLS) and no call logs at all. In short: what you're
describing doesn't match with the logs.
Original comment by boss...@yahoo.fr
on 30 May 2014 at 3:24
GoogleCodeExporter commented
Thanks for the reply, the dev who is performing the testing says that the
output given is from the Javascript console, so new output would be useless.
I am posting our config.xml file, but past that the problem remains that we
cannot get an SSL handshake between the client and server. We are using the
recommended OpenSSL versions. Please let me know if you can help in any way, or
if you have further suggestions for better output to help you understand the
issue
Original comment by sherwood...@gmail.com
on 30 May 2014 at 3:46
Attachments:
GoogleCodeExporter commented
We get a failure after Client HELLO in the SSL conversation, stating "no shared
ciphers" as the issue.....
This is the main issue we are facing: the "no shared ciphers" error. We have
self signed certificates. When we open a connection to wss://208.95.61.51:10062
the handshake fails with a server side error of "no shared ciphers". We get no
further as evidenced in the browser log.
__tsip_transport_ws_onerror tsk_utils.js?svn=224:116
__tsip_transport_ws_onclose tsk_utils.js?svn=224:116
Original comment by ch...@nctech.co
on 30 May 2014 at 3:52
GoogleCodeExporter commented
It's too confusing because in the description you're talking about DTLS and
fingerprint. You cannot use self-signed certificates for WSS. Last time I tested
Chrome it allowed it, but not Firefox. This was a security issue in Chrome. I
guess Google fixed it. Two solutions:
- use trusted certificates
- or, open "https://208.95.61.51:10062" (notice the "https://") in the browser
and when you get a warning, say you want to have the address trusted. Then, try
SIPML5 (with WSS).
Original comment by boss...@yahoo.fr
on 30 May 2014 at 4:00
GoogleCodeExporter commented
Please also note that with such config.xml you'll not be able to make calls if
you're using Chrome 35+ or Firefox. DTLS requires a public cert key
(self-signed or not) and you're not providing one but only a CA.
Original comment by boss...@yahoo.fr
on 30 May 2014 at 4:04
GoogleCodeExporter commented
Hi boss
There is nothing confusing but there is no help or instructions about this that
it won't work with Self Signed certs.
People require DTLS as it's required by the Proprietary/freeswitch, hence
needed. FYI using https://sipml5.org/call.htm?svn=224# throws the same error.
Webrtc error log:
SSL is enabled :)
DTLS supported: yes
DTLS-SRTP supported: yes
*INFO: transport = udp://*:10060
*INFO: transport = ws://*:10060
*INFO: transport = wss://*:10062
*INFO: transport = tcp://*:10063
*INFO: transport = tls://*:10064
*INFO: enable-rtp-symetric = yes
*INFO: enable-100rel = no
*INFO: enable-media-coder = no
*INFO: enable-videojb = yes
*INFO: video-size-pref = vga
*INFO: rtp-buffsize = 65535
*INFO: avpf-tail-length = [100-400]
*INFO: srtp-mode = optional
*INFO: srtp-type = sdes;dtls
*INFO: dtmf-type = rfc4733
*INFO: codecs = opus;pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+
*INFO: UnRegister codec: PCMA, G.711a codec (native)
*INFO: UnRegister codec: PCMU, G.711u codec (native)
*INFO: UnRegister codec: GSM, GSM Full Rate (libgsm)
*INFO: UnRegister codec: VP8, VP8 codec (libvpx)
*INFO: UnRegister codec: H264, H264 Base Profile (FFmpeg, x264)
*INFO: UnRegister codec: H264, H264 Main Profile (FFmpeg, x264)
*INFO: UnRegister codec: H263, H263-1996 codec (FFmpeg)
*INFO: UnRegister codec: H263-1998, H263-1998 codec (FFmpeg)
*INFO: codec-opus-maxrates = 48000;48000
*INFO: stun-server = stun.l.google.com;19302;-;-
*INFO: enable-icestun = yes
*INFO: max-fds = -1
*INFO: nameserver = 8.8.8.8
*INFO: ssl-certificates =
/home/cg/myca/certs/crt.server1.pem;
/home/cg/mycert/private/key.csr.server1.pem;
no;
no
*INFO: transport = c2c://*:10070
*INFO: transport = c2cs://*:10072
*INFO: database = sqlite;*
*INFO: sqlite3_threadsafe = 1
*INFO: Database opened = TRUE
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=8, pipeW=9
*INFO: Socket added[TCP/IPv4 transport]: fd=8, tail.count=1
*INFO: master fd=3
*INFO: Socket added[TCP/IPv4 transport]: fd=3, tail.count=2
*INFO: Transport::run() - enter
*INFO: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070}
using fd {3} with type {9}...
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:0906D06C:PEM
routines:PEM_read_bio:no start line]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=10, pipeW=11
*INFO: Socket added[TLS/IPv4 transport]: fd=10, tail.count=1
*INFO: master fd=4
*INFO: Socket added[TLS/IPv4 transport]: fd=4, tail.count=2
*INFO: Stack running in SERVER mode
*INFO: tsk_timer_manager_start
*INFO: Transport::run() - enter
*INFO: Timer manager run()::enter
*INFO: TIMER MANAGER -- START
*INFO: Starting [TLS/IPv4 transport] server with IP {0.0.0.0} on port {10072}
using fd {4} with type {17}...
*INFO: SIP STACK::run -- START
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:140AD009:SSL
routines:SSL_CTX_use_certificate_file:PEM lib]
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:0906D06C:PEM
routines:PEM_read_bio:no start line]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=17, pipeW=18
*INFO: Socket added[SIP transport]: fd=17, tail.count=1
*INFO: master fd=12
*INFO: Socket added[SIP transport]: fd=12, tail.count=2
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=19, pipeW=20
*INFO: Socket added[SIP transport]: fd=19, tail.count=1
*INFO: master fd=13
*INFO: Socket added[SIP transport]: fd=13, tail.count=2
*INFO: Transport::run() - enter
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=21, pipeW=22
*INFO: Socket added[SIP transport]: fd=21, tail.count=1
*INFO: master fd=14
*INFO: Socket added[SIP transport]: fd=14, tail.count=2
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10060}
using fd {12} with type {2}...
*INFO: Transport::run() - enter
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=23, pipeW=24
*INFO: Socket added[SIP transport]: fd=23, tail.count=1
*INFO: master fd=15
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10064}
using fd {14} with type {16}...
*INFO: Socket added[SIP transport]: fd=15, tail.count=2
*INFO: tnet_transport_prepare()
*INFO: Transport::run() - enter
*INFO: pipeR fd=25, pipeW=26
*INFO: Socket added[SIP transport]: fd=25, tail.count=1
*INFO: master fd=16
*INFO: Socket added[SIP transport]: fd=16, tail.count=2
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10060}
using fd {15} with type {64}...
*INFO: Transport::run() - enter
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10062}
using fd {16} with type {128}...
*INFO: SIP STACK -- START
*INFO: Transport::run() - enter
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10063}
using fd {13} with type {8}...
*INFO: ioctlt(16), len=0 returned zero or failed
*INFO: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=27)
*INFO: Socket added[SIP transport]: fd=27, tail.count=3
*INFO: WebSocket Peer accepted/connected with fd = 27
*INFO: #1 peers in the 'SIP transport' transport
***ERROR: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher]
*INFO: Removing socket 27
*INFO: Socket to remove: fd=27, index=2, tail.count=3
*INFO: WebSocket Peer closed with fd = 27
*INFO: #0 peers in the 'SIP transport' transport
*INFO: *** Stream Peer destroyed ***
*INFO: CloseSocket(27)
*INFO: WebSocket Peer closed with fd = 27
***ERROR: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: SSL_accept() failed
***ERROR: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: (SYSTEM)NETWORK ERROR ==>Success
Let us know the workaround, if possible, or should we quit using webrtc?
Chrome console logs:
s_websocket_server_url=wss:66.175.211.140:10062 SIPml-api.js?svn=224:1
s_sip_outboundproxy_url=(null) SIPml-api.js?svn=224:1
b_rtcweb_breaker_enabled=yes SIPml-api.js?svn=224:1
b_click2call_enabled=no SIPml-api.js?svn=224:1
b_early_ims=yes SIPml-api.js?svn=224:1
b_enable_media_stream_cache=no SIPml-api.js?svn=224:1
o_bandwidth={} SIPml-api.js?svn=224:1
o_video_size={} SIPml-api.js?svn=224:1
SIP stack start: proxy='ns313841.ovh.net:14062', realm='<sip:83.98.187.237>',
impi='admin1', impu='"admin1"<sip:admin1@83.98.187.237>' SIPml-api.js?svn=224:1
Connecting to 'wss:66.175.211.140:10062' SIPml-api.js?svn=224:1
==stack event = starting SIPml-api.js?svn=224:1
__tsip_transport_ws_onerror SIPml-api.js?svn=224:1
__tsip_transport_ws_onclose SIPml-api.js?svn=224:1
==stack event = failed_to_start SIPml-api.js?svn=224:1
Regards
Yusuf
Original comment by shahnazp...@gmail.com
on 12 Jun 2014 at 9:50
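
Editorial example (added here; not part of any comment in this thread and not webrtc2sip code): a triage pass over the multi-line `***ERROR` records in the log above, separating the startup `SSL_CTX_use_certificate_file` failures from the per-connection `no shared cipher` failures so the earlier fault is looked at first. The sample is excerpted from the log in the last comment; `parse_errors` and `triage` are hypothetical names.

```python
import re

# Excerpt copied from the webrtc2sip log quoted above (abbreviated; wrapped lines kept).
SAMPLE_LOG = """\
*INFO: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070}
using fd {3} with type {9}...
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:0906D06C:PEM
routines:PEM_read_bio:no start line]
*INFO: WebSocket Peer accepted/connected with fd = 27
***ERROR: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher]
*INFO: Removing socket 27
"""

def parse_errors(log):
    """Return [(function, message)] for each multi-line ***ERROR record."""
    records, cur = [], None
    for line in log.splitlines():
        if line.startswith("***ERROR:"):
            m = re.search(r'function: "([^"]+)"', line)
            cur = [m.group(1) if m else "?", None]
            records.append(cur)
        elif line.startswith("*INFO:"):
            cur = None                          # record ended
        elif cur is not None and line.startswith("MSG:"):
            cur[1] = line[4:].strip()
        elif cur is not None and cur[1] is not None:
            cur[1] += " " + line.strip()        # wrapped MSG continuation
    return [(f, msg or "") for f, msg in records]

def triage(log):
    """Separate startup certificate-load failures from handshake failures."""
    errors = parse_errors(log)
    cert = [m for _, m in errors if "SSL_CTX_use_certificate_file failed" in m]
    shake = [m for _, m in errors if "no shared cipher" in m]
    findings = []
    if any("no start line" in m for m in cert):
        findings.append("certificate file lacks a PEM BEGIN line: check file contents and path")
    if cert and shake:
        findings.append("handshakes fail after a failed certificate load: fix the load error first")
    return {"cert_load_failures": len(cert), "handshake_failures": len(shake),
            "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```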