Question on WSS support

Question

Question on WSS support

Ry0dai opened this issue 10 months ago · 2 comments

Ry0dai commented 10 months ago

Hi everyone,
Can someone confirm sngrep support of webRTC WSS Sip capture ?

Best wishes for this new year to all.

Rgds

Answer 1 · 2024-01-15T08:34:11.000Z

Hi @Ry0dai !

sngrep only support a couple insecure cipthers (TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA and TLS_RSA_WITH_AES_256_GCM_SHA384), and needs to capture the initial TLS negotiation in order to decrypt the conversation. If you're using TLS v1.2 or greater with a DH or ECDH cipher, decrypting is impossible as these ciphers implement Perfect Forward Secrecy.

I have added a FAQ entry with this topic.

If your server is able to send HEP traffic, it's better to configure sngrep as local HEP listener than trying to decrypt TLS information from the wire configuring an insecure cipher in your server.

Regards!

Answer 2 · 2024-01-16T08:49:59.000Z

Hi @Kaian
Thank you for your answer !
I did it on Freeswitch and it work pretty well.
I close this issue.
Regards!