vicidial.org

We had a bunch of agents update chrome today to the new Chrome Version 87.0.4280.66.

It looks like this started breaking. when they press call agent webphone it now RIngs and goes back to registered. all agents that havent updated chrome are fine.

anyone know what broke here?

**UPDATE**
Just found This from logs:

Google Chrome 87 will remove support for the non-standard RTP data channels in WebRTC in favor of the standard SCTP-based data channels.

Anyone know the process for changing to the standard SCTP-based data channels?

Just tested Chrome 87 with both my development version and the standard phone.viciphone.com version. It works just fine. Please post your JavaScript error output so we can see what is actually happening.

I've had no issues either, running in production across multiple clusters and single server setups. No one has reported any issues.

I have found this only affects our vicibox7 server and not vicibox 8 or 9.

From the asterisk console we get

Code: Select all

ERROR[2989][C-00000025]: res_rtp_asterisk.c:2170 __rtp_recvfrom: DTLS failure occurred on RTP instance 'SomeNumberHere' due to reason 'tlsv1 alert protocol version', terminating

I decided chrome must have blocked TLSv1 or TLSv1.1. but I have disabled TLSv1 and TLSv1.1 everywhere I can think of.

Maybe I am missing it or can update apache or something?

You can not use an old version of Asterisk and have it work as the browsers and WebRTC implementations change. You must use the latest version. You also have to ensure you are keeping up to date with the changes that browsers make and how they impact your usage. In this case you’ve probably gotten hit by the change for ECDSA which is not supported by Asterisk 13.2: https://developers.google.com/web/updat ... cdsa?hl=en 40 and if not that specific one then something else.

Hope this helps....I found this information about it though:

Solved this issue by upgrading openssl.
Use below commands to upgrade openssl in Ubuntu 14

echo ‘deb http://us.archive.ubuntu.com/ubuntu/ 25 xenial main restricted universe multiverse’ > /etc/apt/sources.list.d/xenial.list
aptitude update
aptitude install -y openssl libssl-dev
rm /etc/apt/sources.list.d/xenial.list
aptitude update

Use below commands to check openssl version

ldd /usr/sbin/asterisk | grep libssl
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f33ce117000)

strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep 1.0.2
OPENSSL_1.0.2
OPENSSL_1.0.2g
SSLv3 part of OpenSSL 1.0.2g-fips 1 Mar 2016
TLSv1 part of OpenSSL 1.0.2g-fips 1 Mar 2016
DTLSv1 part of OpenSSL 1.0.2g-fips 1 Mar 2016
OpenSSL 1.0.2g-fips 1 Mar 2016

openssl version
OpenSSL 1.0.2g-fips 1 Mar 2016

After this delete all existing asterisk keys and recreate again

cd /usr/src/astersik*/contrb/scripts
sudo ./ast_tls_cert -C pbx.mycompany.com 5 -O “My Super Company” -d /etc/asterisk/keys
asterisk -rx “reload”

-Nox

To jump on the Chrome 87 issue, has anyone had any trouble downloading recordings stored on an ftp server from call logs?

Looks like the Chrome developers think you shouldn't use FTP anymore:


"Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation
Support for FTP links will be disabled for 50% of Chrome 87 users, with a complete removal scheduled for Chrome 88."

https://www.zdnet.com/article/chrome-87 ... precation/

For my webphone issue,

I have the same version of asterisk on both Vicibox7 and vicibox8(which works fine) and looks like the same version of openssl too.

Any one know of some difference between vicibox7 and vicibox 8 I could look at? I assume its some configuration file for asterisk or apache, but not sure.

Thanks

Looks like now since edge is Chromium it breaks with edge updating to version 87 too.

Anyone else experiencing this or am I the only one?

Figured I could share a bit more info on what I found here.

Code: Select all

Google Chrome 87 will remove support for the non-standard RTP data channels in WebRTC in favor of the standard SCTP-based data channels.
RTP data channels was a nonstandard feature introduced into the WebRTC codebase at its creation. Standardization efforts resulted in the definition of SCTP-based datachannels, which are much more common, and interoperate with other browsers. The continued support of RTP data channels adds significant complexity to the codebase

the error I see in asterisk is:

Code: Select all

ERROR[356][C-00005f56]: res_rtp_asterisk.c:2170 __rtp_recvfrom: DTLS failure occurred on RTP instance '0x7f3a600119f8' due to reason 'tlsv1 alert protocol version', terminating
res_rtp_asterisk.c:4506 ast_rtp_read: RTP Read error: Unspecified.

Same version of asterisk 11.25.3
Works on vicibox8 and above but not vicibox 7

Fixed this by using DTLS 1.2.

Thanks

good postback

alo wrote:Fixed this by using DTLS 1.2.

Thanks

How you have done that. Can you please share the step.
Thank you.

have you tried to zypper up? its automatically updated in latest opensuse updates

carpenox wrote:have you tried to zypper up? its automatically updated in latest opensuse updates

File '/repodata/repomd.xml' not found on medium 'http://download.opensuse.org/repositories/Apache/openSUSE_Leap_42.1/'
Warning: Skipping repository 'Apache_Leap_42.1' because of the above error.

File '/repodata/repomd.xml' not found on medium 'http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_Leap_42.1/'
Warning: Skipping repository 'Perl_openSUSE_Leap_42.1' because of the above error.

File '/repodata/repomd.xml' not found on medium 'http://download.opensuse.org/repositories/server:database/openSUSE_Leap_42.1/'
Warning: Skipping repository 'server:database_openSUSE_Leap_42.1' because of the above error.
Some of the repositories have not been refreshed because of an error.

Loading repository data...
Warning: Repository 'openSUSE_Leap_42.1_Updates' appears to be outdated. Consider using a different mirror or server.
Reading installed packages...

The following 9 package updates will NOT be installed:
asterisk asterisk-dahdi asterisk-moh-base asterisk-snmp dahdi-linux dahdi-linux-kmp-default libasteriskssl1 libjson-c2 libosptk-4_13_0

Nothing to do.

what version of vicibox are u using?

carpenox wrote:what version of vicibox are u using?

Vicibox 7

oh yea, your not gonna wanna zypper up with that, they dont update anymore for leap 42.1. youre gonna have to manually do the package via rpm probably but im not sure with 42.1, perhaps someone else here knows how to run that, or google how to update openssl for leap 42.1

Anyone having issues that is on the latest version of vicibox(opensuse 15.1) try this:

zypper in ncurses-devel libxml2-devel sqlite-devel libsrtp-devel libuuid-devel openssl-devel

Good luck

Nox