Re: [OpenSIPS-Users] opensips wss support

[Tito Cumpen]

Eric,

Thank you that worked flawlessly.


Thanks,
Tito

On Tue, Jan 12, 2016 at 5:01 PM, Eric Tamme  wrote:

> For wss to work, your site must be https, and your sip server must be
> wss.  You can not downgrade the connection anywhere.  Also if you are
> linking to sip.js, the url MUST ALSO BE https e.g:
>
>  src="https://cdn.rawgit.com/onsip/SIP.js/0.7.2/dist/sip-0.7.2.min.js";>
>
>
> For 2.X you must use the new tls_mgm module as the cert management is now
> shared between tls and wss.
>
> for example:
>
> listen=wss:123.456.789.987:443
> listen=tls:123.456.789.987:5061
>
> loadmodule "tls_mgm.so"
> loadmodule "proto_tls.so"
> loadmodule "proto_wss.so"
>
>
> modparam("tls_mgm", "certificate","/etc/letsencrypt/live/acme.com/cert.pem
> ")
> modparam("tls_mgm", "private_key","/etc/letsencrypt/live/
> acme.com/privkey.pem")
>
>
> I am using sip.js 0.7.2 with latest master from opensips and doing full
> https + wss
>
> -Eric
>
>
>
> On 01/12/2016 02:54 PM, Tito Cumpen wrote:
>
> Do Nguyen Ha,
>
> I was getting errors about the ws destination being unencrypted when using
> sip.js.
>
>
> Razvan or community,
>
> What cert configuration does it utilize? does it take it from the tls
> configuration?
>
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1
>
> In this tutorial I see the protocol being defined. Would these settings
> apply or would a respective proto_wss have to be provided in the config?
>
>
> Thanks,
> Tito
>
> On Tue, Jan 5, 2016 at 7:17 AM, Do Nguyen Ha  wrote:
>
>> hi Tito
>>
>> i did test the webrtc with chrome version 47. we only need to setup web
>> server with HTTPS only that point to jssip source code. the jssip should
>> works properly
>>
>> there is no need wss on opensips server - just use ws on opensips
>>
>> thank you
>> On Jan 5, 2016 5:53 PM, "Tito Cumpen"  wrote:
>>
>>> Hey Razvan,
>>>
>>> Any updates on wss?
>>> On Dec 7, 2015 12:35 PM, "Tito Cumpen"  wrote:
>>>
 Hey Răzvan,

 Any updates on this? Getuser media has been disabled when using http
 and using https enforces wss on chrome.

 Thanks,
 Tito


 On Fri, Nov 20, 2015 at 4:44 AM, Răzvan Crainea < 
 raz...@opensips.org> wrote:

> Hi, Tito!
>
> I am working on it. I have already started a local branch and started
> coding, hopefully it will be public by the end of the month.
>
> Best regards,
>
> Răzvan Crainea
> OpenSIPS Solutionswww.opensips-solutions.com
>
> On 11/19/2015 07:35 PM, Tito Cumpen wrote:
>
> Razvan,
>
>
> Is there currently a timeline for wss as of now? I can aid in testing
> if needed.
>
>
>
>
> On Wed, Nov 4, 2015 at 1:25 PM, Tito Cumpen < 
> t...@xsvoce.com> wrote:
>
>> Razvan,
>>
>>
>> Thanks for the reply. Can't wait to try this feature out.
>>
>> On Tue, Nov 3, 2015 at 3:32 AM, Răzvan Crainea <
>> raz...@opensips.org> wrote:
>>
>>> Hi, Tito!
>>>
>>> Yes, we have WSS support on top of our priorities, and most likely
>>> will be released with the next OpenSIPS 2.2.
>>>
>>> Best regards,
>>>
>>> Răzvan Crainea
>>> OpenSIPS Solutionswww.opensips-solutions.com
>>>
>>> On 10/16/2015 01:41 AM, Tito Cumpen wrote:
>>>
>>> To opensips devs.
>>>
>>>
>>> Are there any plans to support wss? Currently chrome will not allow
>>> for an unsecure websocket to be initiated when using https. They also
>>> threaten to remove getusermedia when using ws.
>>>
>>>
>>> 
>>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
>>>
>>> Please advise. I am working on a project that depends on this.
>>>
>>> Thanks,
>>> Tito
>>>
>>>
>>> ___
>>> Users mailing 
>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>>> 
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>

>>> ___
>>> Users mailing list
>>> Users@lists.opensips.org
>

Re: [OpenSIPS-Users] opensips wss support

[Eric Tamme]

For wss to work, your site must be https, and your sip server must be 
wss.  You can not downgrade the connection anywhere.  Also if you are 
linking to sip.js, the url MUST ALSO BE https e.g:


src="https://cdn.rawgit.com/onsip/SIP.js/0.7.2/dist/sip-0.7.2.min.js 
https://cdn.rawgit.com/onsip/SIP.js/0.7.2/dist/sip-0.7.2.min.js>">



For 2.X you must use the new tls_mgm module as the cert management is 
now shared between tls and wss.


for example:

listen=wss:123.456.789.987:443
listen=tls:123.456.789.987:5061

loadmodule "tls_mgm.so"
loadmodule "proto_tls.so"
loadmodule "proto_wss.so"


modparam("tls_mgm", "certificate","/etc/letsencrypt/live/acme.com/cert.pem")
modparam("tls_mgm", 
"private_key","/etc/letsencrypt/live/acme.com/privkey.pem")



I am using sip.js 0.7.2 with latest master from opensips and doing full 
https + wss


-Eric


On 01/12/2016 02:54 PM, Tito Cumpen wrote:

Do Nguyen Ha,

I was getting errors about the ws destination being unencrypted when 
using sip.js.



Razvan or community,

What cert configuration does it utilize? does it take it from the tls 
configuration?


http://www.opensips.org/Documentation/Tutorials-TLS-2-1

In this tutorial I see the protocol being defined. Would these 
settings apply or would a respective proto_wss have to be provided in 
the config?



Thanks,
Tito

On Tue, Jan 5, 2016 at 7:17 AM, Do Nguyen Ha > wrote:


hi Tito

i did test the webrtc with chrome version 47. we only need to
setup web server with HTTPS only that point to jssip source code.
the jssip should works properly

there is no need wss on opensips server - just use ws on opensips

thank you

On Jan 5, 2016 5:53 PM, "Tito Cumpen" mailto:t...@xsvoce.com>> wrote:

Hey Razvan,

Any updates on wss?

On Dec 7, 2015 12:35 PM, "Tito Cumpen" mailto:t...@xsvoce.com>> wrote:

Hey Răzvan,

Any updates on this? Getuser media has been disabled when
using http and using https enforces wss on chrome.

Thanks,
Tito


On Fri, Nov 20, 2015 at 4:44 AM, Răzvan Crainea
mailto:raz...@opensips.org>> wrote:

Hi, Tito!

I am working on it. I have already started a local
branch and started coding, hopefully it will be public
by the end of the month.

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com


On 11/19/2015 07:35 PM, Tito Cumpen wrote:

Razvan,


Is there currently a timeline for wss as of now? I
can aid in testing if needed.




On Wed, Nov 4, 2015 at 1:25 PM, Tito Cumpen
mailto:t...@xsvoce.com>> wrote:

Razvan,


Thanks for the reply. Can't wait to try this
feature out.

On Tue, Nov 3, 2015 at 3:32 AM, Răzvan Crainea
mailto:raz...@opensips.org>> wrote:

Hi, Tito!

Yes, we have WSS support on top of our
priorities, and most likely will be released
with the next OpenSIPS 2.2.

Best regards,

Răzvan Crainea
OpenSIPS Solutions
www.opensips-solutions.com


On 10/16/2015 01:41 AM, Tito Cumpen wrote:

To opensips devs.


Are there any plans to support wss?
Currently chrome will not allow for an
unsecure websocket to be initiated when
using https. They also threaten to remove
getusermedia when using ws.


https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

Please advise. I am working on a project
that depends on this.

Thanks,
Tito


___
Users mailing list
Users@lists.opensips.org

http://lists.opensips.org/cgi-bin/mailman/listinfo/users



___
Users mailing list