From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with

chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).

Is there any way to configure to have the previous behaviour?
I'm trying to set dtlscipher=AES128-SHA but I always see

DTLS ECDH initialized (automatic), faster PFS enabled

Any idea?

Thanks!

res_rtp_asterisk
------------------
 * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).
   Enabling PFS is attempted by default, and is dependent on the configuration
   of the module using TLS.
   - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
     specify a ECDHE cipher suite in sip.conf, for example:
       dtlscipher=AES128-SHA
   - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
     into the private key file, e.g., sip.conf dtlsprivatekey. For example:
       openssl dhparam -out ./dh.pem 2048
   - Because clients expect the server to prefer PFS, and because OpenSSL sorts
     its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
     Consider re-ordering your cipher suites in the respective configuration
     file. For example:
       dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
     which forces PFS and requires at least DTLS 1.2.

The issue is with chan_sip, not on rtp. I will check which commit breaks this and file an issue.

On Wed., Oct. 5, 2016 at 17:41, Sebastian <scgm11 at gmail.com> wrote:

> From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop
> working, failing with
>
> chan_sip.c:4083 retrans_pkt: Hanging up call
> 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our
> critical packet (see
> https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).
>
> Is there any way to configure to have the previous behaviour?
> I'm trying to set dtlscipher=AES128-SHA but I always see
>
> DTLS ECDH initialized (automatic), faster PFS enabled
>
> Any idea?
>
> Thanks!
>
> res_rtp_asterisk
> ------------------
>  * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).
>    Enabling PFS is attempted by default, and is dependent on the configuration
>    of the module using TLS.
>    - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
>      specify a ECDHE cipher suite in sip.conf, for example:
>        dtlscipher=AES128-SHA
>    - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
>      into the private key file, e.g., sip.conf dtlsprivatekey. For example:
>        openssl dhparam -out ./dh.pem 2048
>    - Because clients expect the server to prefer PFS, and because OpenSSL sorts
>      its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
>      Consider re-ordering your cipher suites in the respective configuration
>      file. For example:
>        dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
>      which forces PFS and requires at least DTLS 1.2.

The issue is fixed in current trunk head version.

On Thu., Oct. 6, 2016 at 12:07, Sebastian <scgm11 at gmail.com> wrote:

> The issue is with chan_sip, not on rtp. I will check which commit breaks this
> and file an issue.
>
> On Wed., Oct. 5, 2016 at 17:41, Sebastian <scgm11 at gmail.com> wrote:
>
> > From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop
> > working, failing with
> >
> > chan_sip.c:4083 retrans_pkt: Hanging up call
> > 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our
> > critical packet (see
> > https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).
> >
> > Is there any way to configure to have the previous behaviour?
> > I'm trying to set dtlscipher=AES128-SHA but I always see
> >
> > DTLS ECDH initialized (automatic), faster PFS enabled
> >
> > Any idea?
> >
> > Thanks!
> >
> > res_rtp_asterisk
> > ------------------
> >  * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS).
> >    Enabling PFS is attempted by default, and is dependent on the configuration
> >    of the module using TLS.
> >    - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
> >      specify a ECDHE cipher suite in sip.conf, for example:
> >        dtlscipher=AES128-SHA
> >    - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
> >      into the private key file, e.g., sip.conf dtlsprivatekey. For example:
> >        openssl dhparam -out ./dh.pem 2048
> >    - Because clients expect the server to prefer PFS, and because OpenSSL sorts
> >      its cipher suites by bit strength, see "openssl ciphers -v DEFAULT".
> >      Consider re-ordering your cipher suites in the respective configuration
> >      file. For example:
> >        dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
> >      which forces PFS and requires at least DTLS 1.2.
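
Added example, not part of the thread and not Asterisk code: a check of the dtlscipher values from the release note quoted above, reporting per suite whether the key exchange is ephemeral (PFS) and whether the suite needs DTLS 1.2. The sample sip.conf and its section names are constructed, and the classification is an assumption based on OpenSSL's suite naming conventions rather than a query against OpenSSL itself.

```python
import re

EPHEMERAL = ("ECDHE-", "DHE-", "EDH-")   # ephemeral, authenticated key exchange
ANONYMOUS = ("ADH-", "AECDH-")           # ephemeral but unauthenticated
# Name fragments found only in (D)TLS 1.2 suites: AEAD modes or SHA-2 MACs.
TLS12_ONLY = re.compile(r"GCM|CCM|CHACHA20|-SHA256$|-SHA384$")
SUITE_NAME = re.compile(r"^[A-Z0-9]+(-[A-Z0-9]+)+$")

# Constructed sample; section names are hypothetical.
SAMPLE_SIP_CONF = """\
[general]
dtlscipher=AES128-SHA   ; value tried in the original post
[webrtc-a]
dtlscipher=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
[webrtc-b]
dtlscipher=ECDHE-RSA-AES128-SHA:AES128-SHA:HIGH
"""

def dtlscipher_values(conf_text):
    """Return {section: value} for every dtlscipher line in sip.conf text."""
    found, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
        elif "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "dtlscipher":
                found[section] = value.lstrip(">").strip()   # accept key => value
    return found

def classify(cipher_string):
    """Return [(entry, key_exchange, minimum_version)] judged from suite names."""
    report = []
    for entry in filter(None, cipher_string.split(":")):
        if not SUITE_NAME.match(entry):              # keyword such as HIGH or !aNULL
            report.append((entry, "unresolved", None))
            continue
        kx = ("ephemeral" if entry.startswith(EPHEMERAL) else
              "anonymous" if entry.startswith(ANONYMOUS) else "non-ephemeral")
        version = "DTLS 1.2" if TLS12_ONLY.search(entry) else "DTLS 1.0"
        report.append((entry, kx, version))
    return report

def forces_pfs(cipher_string):
    """True only if every entry is a named suite with ephemeral key exchange."""
    report = classify(cipher_string)
    return bool(report) and all(kx == "ephemeral" for _, kx, _ in report)

if __name__ == "__main__":
    for section, value in dtlscipher_values(SAMPLE_SIP_CONF).items():
        print(section, forces_pfs(value), classify(value))
```

Entries reported as "unresolved" are OpenSSL keywords; expand them with "openssl ciphers -v" on the target host before judging them.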