zhzhy86 / webrtc2sip

Automatically exported from code.google.com/p/webrtc2sip

No Ciphers Available when attempting WSS between SipML 1.3 / 1.5 and WebRTC 2.6.0 #157

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Attempt to register a sipML client to webrtc2sip 2.6.0 with DTLS/SRTP 
enabled.

What is the expected output? What do you see instead?
Expected response is an SSL/TLS/DTLS handshake, instead dies at initial Client 
Hello

What version of the product are you using? On what operating system?
Latest SVN for webrtc2sip 2.6.0, latest Doubango SVN Branch 2.0, OpenSSL 1.0.1g 
(Also used 1.0.2), sipML 1.4 (working on upgrading to 1.5)

Please provide any additional information below.
We get a failure after Client HELLO in the SSL conversation, stating "no shared 
ciphers" as the issue.....

Here's the debug output from SIPml:
Error: Failed to set remote offer sdp: Called with SDP without DTLS fingerprint.
We are using the latest webML5 1.4 codebase
State machine: s0000_Started_2_Ringing_X_iINVITE tsk_utils.js?svn=224:116
onSetRemoteDescriptionError tsk_utils.js?svn=224:116
Error: Failed to set remote offer sdp: Called with SDP without DTLS fingerprint.

Original issue reported on code.google.com by sherwood...@gmail.com on 30 May 2014 at 2:52

GoogleCodeExporter commented 8 years ago
Don't know how you have captured logs from the browser but there is no useful 
information in "browser.log". To get javascript logs: Right click on the 
webpage -> inspect Element -> Select "console" tab.
In your report you're talking about DTLS but webrtc2sip shows that the issue is 
about SSL (instead of DTLS) and no call logs at all. In short: what you're 
describing doesn't match with the logs.

Original comment by boss...@yahoo.fr on 30 May 2014 at 3:24

GoogleCodeExporter commented 8 years ago
Thanks for the reply, the dev who is performing the testing says that the 
output given is from the Javascript console, so new output would be useless. 

I am posting our config.xml file, but past that the problem remains that we 
cannot get an SSL handshake between the client and server. We are using the 
recommended OpenSSL versions. Please let me know if you can help in any way, or 
if you have further suggestions for better output to help you understand the 
issue

Original comment by sherwood...@gmail.com on 30 May 2014 at 3:46

GoogleCodeExporter commented 8 years ago
We get a failure after Client HELLO in the SSL conversation, stating "no shared 
ciphers" as the issue.....

This is the main issue we are facing: the "no shared ciphers" error. We have 
self signed certificates. When we open a connection to wss://208.95.61.51:10062 
the handshake fails with a server side error of "no shared ciphers". We get no 
further as evidenced in the browser log.

__tsip_transport_ws_onerror tsk_utils.js?svn=224:116
__tsip_transport_ws_onclose tsk_utils.js?svn=224:116

Original comment by ch...@nctech.co on 30 May 2014 at 3:52

GoogleCodeExporter commented 8 years ago
It's too confusing because in the description you're talking about DTLS and 
fingerprint. You cannot use self-signed certificates for WSS. Last time I tested 
Chrome it allowed it, but not Firefox. This was a security issue in Chrome. I 
guess Google fixed it. Two solutions:
- use trusted certificates
- or, open "https://208.95.61.51:10062" (notice the "https://") in the browser 
and when you get a warning, say you want to have the address trusted. Then, try 
SIPML5 (with WSS). 

Original comment by boss...@yahoo.fr on 30 May 2014 at 4:00

GoogleCodeExporter commented 8 years ago
Please also note that with such config.xml you'll not be able to make calls if 
you're using Chrome 35+ or Firefox. DTLS requires a public cert key 
(self-signed or not) and you're not providing one but only a CA.

Original comment by boss...@yahoo.fr on 30 May 2014 at 4:04

GoogleCodeExporter commented 8 years ago
Hi boss
There is nothing confusing but there is no help or instructions about this that 
it won't work with Self Signed certs.
People require DTLS as it's required by the Proprietary/freeswitch, hence 
needed. FYI using https://sipml5.org/call.htm?svn=224# throws the same error.

Webrtc error log:

SSL is enabled :)
DTLS supported: yes
DTLS-SRTP supported: yes
*INFO: transport = udp://*:10060
*INFO: transport = ws://*:10060
*INFO: transport = wss://*:10062
*INFO: transport = tcp://*:10063
*INFO: transport = tls://*:10064
*INFO: enable-rtp-symetric = yes
*INFO: enable-100rel = no
*INFO: enable-media-coder = no
*INFO: enable-videojb = yes
*INFO: video-size-pref = vga
*INFO: rtp-buffsize = 65535
*INFO: avpf-tail-length = [100-400]
*INFO: srtp-mode = optional
*INFO: srtp-type = sdes;dtls
*INFO: dtmf-type = rfc4733
*INFO: codecs = opus;pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+
*INFO: UnRegister codec: PCMA, G.711a codec (native)
*INFO: UnRegister codec: PCMU, G.711u codec (native)
*INFO: UnRegister codec: GSM, GSM Full Rate (libgsm)
*INFO: UnRegister codec: VP8, VP8 codec (libvpx)
*INFO: UnRegister codec: H264, H264 Base Profile (FFmpeg, x264)
*INFO: UnRegister codec: H264, H264 Main Profile (FFmpeg, x264)
*INFO: UnRegister codec: H263, H263-1996 codec (FFmpeg)
*INFO: UnRegister codec: H263-1998, H263-1998 codec (FFmpeg)
*INFO: codec-opus-maxrates = 48000;48000
*INFO: stun-server = stun.l.google.com;19302;-;-
*INFO: enable-icestun = yes
*INFO: max-fds = -1
*INFO: nameserver = 8.8.8.8
*INFO: ssl-certificates =
/home/cg/myca/certs/crt.server1.pem;
/home/cg/mycert/private/key.csr.server1.pem;
no;
no
*INFO: transport = c2c://*:10070
*INFO: transport = c2cs://*:10072
*INFO: database = sqlite;*
*INFO: sqlite3_threadsafe = 1
*INFO: Database opened = TRUE
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=8, pipeW=9
*INFO: Socket added[TCP/IPv4 transport]: fd=8, tail.count=1
*INFO: master fd=3
*INFO: Socket added[TCP/IPv4 transport]: fd=3, tail.count=2
*INFO: Transport::run() - enter
*INFO: Starting [TCP/IPv4 transport] server with IP {0.0.0.0} on port {10070} 
using fd {3} with type {9}...
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:0906D06C:PEM 
routines:PEM_read_bio:no start line]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=10, pipeW=11
*INFO: Socket added[TLS/IPv4 transport]: fd=10, tail.count=1
*INFO: master fd=4
*INFO: Socket added[TLS/IPv4 transport]: fd=4, tail.count=2
*INFO: Stack running in SERVER mode
*INFO: tsk_timer_manager_start
*INFO: Transport::run() - enter
*INFO: Timer manager run()::enter
*INFO: TIMER MANAGER -- START
*INFO: Starting [TLS/IPv4 transport] server with IP {0.0.0.0} on port {10072} 
using fd {4} with type {17}...
*INFO: SIP STACK::run -- START
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:140AD009:SSL 
routines:SSL_CTX_use_certificate_file:PEM lib]
***ERROR: function: "tnet_transport_tls_set_certs()"
file: "src/tnet_transport.c"
line: "255"
MSG: SSL_CTX_use_certificate_file failed [0,error:0906D06C:PEM 
routines:PEM_read_bio:no start line]
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=17, pipeW=18
*INFO: Socket added[SIP transport]: fd=17, tail.count=1
*INFO: master fd=12
*INFO: Socket added[SIP transport]: fd=12, tail.count=2
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=19, pipeW=20
*INFO: Socket added[SIP transport]: fd=19, tail.count=1
*INFO: master fd=13
*INFO: Socket added[SIP transport]: fd=13, tail.count=2
*INFO: Transport::run() - enter
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=21, pipeW=22
*INFO: Socket added[SIP transport]: fd=21, tail.count=1
*INFO: master fd=14
*INFO: Socket added[SIP transport]: fd=14, tail.count=2
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10060} 
using fd {12} with type {2}...
*INFO: Transport::run() - enter
*INFO: tnet_transport_prepare()
*INFO: pipeR fd=23, pipeW=24
*INFO: Socket added[SIP transport]: fd=23, tail.count=1
*INFO: master fd=15
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10064} 
using fd {14} with type {16}...
*INFO: Socket added[SIP transport]: fd=15, tail.count=2
*INFO: tnet_transport_prepare()
*INFO: Transport::run() - enter
*INFO: pipeR fd=25, pipeW=26
*INFO: Socket added[SIP transport]: fd=25, tail.count=1
*INFO: master fd=16
*INFO: Socket added[SIP transport]: fd=16, tail.count=2
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10060} 
using fd {15} with type {64}...
*INFO: Transport::run() - enter
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10062} 
using fd {16} with type {128}...
*INFO: SIP STACK -- START
*INFO: Transport::run() - enter
*INFO: Starting [SIP transport] server with IP {66.175.211.140} on port {10063} 
using fd {13} with type {8}...
*INFO: ioctlt(16), len=0 returned zero or failed
*INFO: NETWORK EVENT FOR SERVER [SIP transport] -- FD_ACCEPT(fd=27)
*INFO: Socket added[SIP transport]: fd=27, tail.count=3
*INFO: WebSocket Peer accepted/connected with fd = 27
*INFO: #1 peers in the 'SIP transport' transport
***ERROR: function: "tnet_tls_socket_accept()"
file: "src/tls/tnet_tls.c"
line: "168"
MSG: SSL_accept() failed with error code [1, error:1408A0C1:SSL 
routines:SSL3_GET_CLIENT_HELLO:no shared cipher]
*INFO: Removing socket 27
*INFO: Socket to remove: fd=27, index=2, tail.count=3
*INFO: WebSocket Peer closed with fd = 27
*INFO: #0 peers in the 'SIP transport' transport
*INFO: *** Stream Peer destroyed ***
*INFO: CloseSocket(27)
*INFO: WebSocket Peer closed with fd = 27
***ERROR: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: SSL_accept() failed
***ERROR: function: "tnet_transport_mainthread()"
file: "src/tnet_transport_poll.c"
line: "708"
MSG: (SYSTEM)NETWORK ERROR ==>Success
Let us know the workaround, if possible, or should we quit using webrtc?

Chrome console logs:

s_websocket_server_url=wss:66.175.211.140:10062 SIPml-api.js?svn=224:1
s_sip_outboundproxy_url=(null) SIPml-api.js?svn=224:1
b_rtcweb_breaker_enabled=yes SIPml-api.js?svn=224:1
b_click2call_enabled=no SIPml-api.js?svn=224:1
b_early_ims=yes SIPml-api.js?svn=224:1
b_enable_media_stream_cache=no SIPml-api.js?svn=224:1
o_bandwidth={} SIPml-api.js?svn=224:1
o_video_size={} SIPml-api.js?svn=224:1
SIP stack start: proxy='ns313841.ovh.net:14062', realm='<sip:83.98.187.237>', 
impi='admin1', impu='"admin1"<sip:admin1@83.98.187.237>' SIPml-api.js?svn=224:1
Connecting to 'wss:66.175.211.140:10062' SIPml-api.js?svn=224:1
==stack event = starting SIPml-api.js?svn=224:1
__tsip_transport_ws_onerror SIPml-api.js?svn=224:1
__tsip_transport_ws_onclose SIPml-api.js?svn=224:1
==stack event = failed_to_start SIPml-api.js?svn=224:1

Regards
Yusuf

Original comment by shahnazp...@gmail.com on 12 Jun 2014 at 9:50
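
In the webrtc2sip log above, `SSL_CTX_use_certificate_file` fails with `PEM_read_bio:no start line` before each `no shared cipher` handshake failure; "no start line" means OpenSSL found no PEM block of the type it expected in the file. The following pre-flight check is an added example, not part of this thread or of the project's code: it reports which PEM block type each file named in an `ssl-certificates` entry actually holds. The `cert;key;...` field order, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)
WANTED = {
    "cert": {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"},
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
            "ENCRYPTED PRIVATE KEY"},
}
# Constructed sample files; the bodies are placeholders, not real key material.
SAMPLE = {
    name: f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"
    for name, label in (("server.crt.pem", "CERTIFICATE"),
                        ("server.key.pem", "RSA PRIVATE KEY"),
                        ("server.csr.pem", "CERTIFICATE REQUEST"))
}


def read_sample(path):
    """Stand-in for open(path).read() so the example runs offline."""
    if path not in SAMPLE:
        raise FileNotFoundError(path)
    return SAMPLE[path]


def pem_labels(text):
    """Return the PEM block types found in text, in order of appearance."""
    return PEM_BEGIN.findall(text)


def check_slot(role, text):
    """Return problems for one file given its role ("cert" or "key")."""
    labels = pem_labels(text)
    if not labels:
        return [f"{role}: no PEM start line (DER, empty or wrong file?)"]
    if not WANTED[role].intersection(labels):
        return [f"{role}: holds {labels}, expected {sorted(WANTED[role])}"]
    return []


def check_ssl_certificates(entry, read_file=read_sample):
    """Check the cert and key paths of an entry (assumed 'cert;key;...')."""
    fields = [f.strip() for f in entry.split(";")]
    if len(fields) < 2 or not all(fields[:2]):
        return ["ssl-certificates: need at least a cert path and a key path"]
    problems = []
    for role, path in zip(("cert", "key"), fields):
        try:
            problems += check_slot(role, read_file(path))
        except OSError as exc:
            problems.append(f"{role}: cannot read {path}: {exc}")
    return problems
```

To run it against real files, pass `read_file=lambda p: open(p).read()`; an empty result means both files carry the expected block types, not that the certificate and key match each other.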