SIPML 5 Client and SipServlets not works Using WSS - webrtc

I Have Tomcat run on HTTPS.
I have tried to deploy SIPML5 WebSocket Application To into my tomcat.
When I tried to connect Sip Servlets using ws :
ws://192.168.X.Y:5082
And Sip Servlets Config looks like :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="ws"/>
I got an error :
SIPml-api.js:4 Mixed Content: The page at 'https://192.168.X1.X2:8443/CallCenterBK/CallCenterBK.jsp?sip=1' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://192.168.X.Y:5082/'. This request has been blocked; this endpoint must be available over WSS.
When I have changes my SIPML 5 Client to wss :
wss://192.168.X.Y:5082
And my sip servlets config looks like :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="wss"/>
I got another error :
WebSocket connection to 'wss://192.168.X.Y:5082/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
And when I have set to sipml 5 client : wss://192.168.X.Y:5082
and config changed to :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="ws"/>
I got an error :
WebSocket connection to 'wss://192.168.1.3:5082/' failed: Error in connection establishment: net::ERR_TIMED_OUT
What I did incorrectly ?
Any idea will be appreciated.

You configured the HTTPs connector with the certificate information, you need to do the same thing for the WSS connector. Unfortunately the configuration for that is located at the SIP Stack level, so you need to edit your standalone/configuration/mss-sip-stack.properties and add
gov.nist.javax.sip.TLS_CLIENT_AUTH_TYPE=Disabled
javax.net.ssl.keyStore=$TRUSTSTORE_FILE
javax.net.ssl.keyStorePassword=$TRUSTSTORE_PASSWORD
javax.net.ssl.trustStorePassword=$TRUSTSTORE_PASSWORD
javax.net.ssl.trustStore=$TRUSTSTORE_FILE
javax.net.ssl.keyStoreType=JKS

SIPML5 works fine with wss for sure. The problem is on your server side.
Make sure that 5082 port is listening (telnet)
Make sure that you have installed a valid SSL certificate to your
server
Make sure that 5082 is the secure (wss) port (On most servers the ws
unsecured and wss secured are listening on different ports)

Related

I can see live app on secured port 443 red5pro

I prepared server ubuntu like from docs. I created SSL cert to my domin and i have open required ports. I installed red5pro in to /usr/local/red5pro/ and server fine. When i will go to http://example.com:5080/ i can see home page red5pro and is ok. But when i click on broadcast i have a info: No suitable Publisher found. WebRTC & Flash not supported. Ok, maybe because is http not https. I decided create test index page in to /var/www/test/index.html and i have basic configuration like:
var config = {
protocol: 'wss',
host: 'example.com',
port: 443,
app: 'live',
streamName: 'abccaccaa',
rtcConfiguration: {
iceServers: [{urls: 'stun:stun2.l.google.com:19302'}],
iceCandidatePoolSize: 2,
bundlePolicy: 'max-bundle'
} // See https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/RTCPeerConnection#RTCConfiguration_dictionary
};
And now when i try broadcast have an info: WebSocket connection to 'wss://example.com/live/?id=abccaccaa' failed: Error during WebSocket handshake: Unexpected response code: 404
Looks like have no example.com/live and cant figure out what is wrong :( since 2 days. Maybe someone could give me an advice ? Or alternative on other application than red5pro

Kafka over ssl: does not have listener with name `ListenerName(SSL)’

I try to configure my Kafka brokers to work under ssl. I have the following configuration in all brokers:
listeners=PLAINTEXT://0.0.0.0:9092, SSL://0.0.0.0:9093
advertised.host.name=my_host_ip
port=9092
ssl.truststore.location=/opt/kafka/kafka.server.truststore.jks
ssl.keystore.location=/opt/kafka/kafka.server.keystore.jks
ssl.key.password=123456
ssl.keystore.password=123456
ssl.truststore.password=123456
And some other definitions which are not related to my ssl configuration.
In the client configuration I have the following:
security.protocol=SSL
ssl.truststore.location=/opt/kafka_2.12-0.10.2.0/config/ssl/kafka/client.truststore.jks
ssl.truststore.password=123456
With port 9092 (no ssl) everything works well, but when I try to use port 9093 - I got the following error, and I can't post message to the Kafka topic:
2017-04-25T16:59:19.945801000Z [2017-04-25 16:59:19,857] ERROR [KafkaApi-2] Error when handling request {topics=null} (kafka.server.KafkaApis)
2017-04-25T16:59:19.945991000Z kafka.common.BrokerEndPointNotAvailableException: Broker `2` does not have listener with name `ListenerName(SSL)’
I have ssl connection between the machines (checked with openssl)
What can be the reason?
I think you're exposing port 9092, but your SSL is configured to listen to 9093. Also, if I remember correctly, advertised.host.name is a deprecated parameter in kafka 0.10.x
I'll suggest commenting out advertised.host.name=my_host_ip and port=9092 and putting advertised.listeners=PLAINTEXT://<ip>:9092, SSL://<ip>:9093

wss certificate configuration

I'd like to know if it is possible to configure a certificate for wss when using restcomm sipservlets with a keystoretype PKCS12
I found this post:
SIPML 5 Client and SipServlets not works Using WSS
and looked to modify the suggestion to :
gov.nist.javax.sip.TLS_CLIENT_AUTH_TYPE=Disabled
javax.net.ssl.keystoreFile="conf/STAR_domain.pfx"
javax.net.ssl.keyStorePassword="pkcspass"
javax.net.ssl.keystoreType="PKCS12"
my connector config:
<Connector port="10443"
ipAddress = "ip.address"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="wss"/>
When opening a socket to this port I don't get a server hello. Meaning the cert wasn't loaded?
Please Read and follow the steps at http://docs.telestax.com/sip-servlets-security/

SIPML5 connection to Asterisk 13 over wss

I have successfully setup sipml5 using a standard non secure ws:// to an asterisk 13 server, can make and receive calls using demo at https://www.doubango.org/sipml5/call.htm. However, I am having problem with wss or secure socket connection.
I got this error (chrome):
WebSocket connection to 'wss://myserver.com:8089/ws' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
My settings
WebSocket Server URL -> wss://myserver.com:8089/ws
SIP outbound Proxy URL -> udp://myserver.com:5060
Finally I solved this problem by adding following line to http.conf
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/path-to/cert.pem
tlsprivatekey=/path-to/privkey.pem

Apache http core nio 4.3.3 reverse proxy SSL error

I am developing a reverse proxy using http core nio 4.3.3 and need to connect to a Secure/HTTPS endpoint via the proxy. I took the reverse proxy(Asynchronous HTTP reverse proxy)[1] and added SSL support as shown below.
SSLContext clientSSLContext =
SSLUtil.createClientSSLContext(TRUST_STORE_LOCATION,
TRUST_STORE_PASSWORD);
final IOEventDispatch connectingEventDispatch =
new DefaultHttpClientIODispatch(
clientHandler,
clientSSLContext,
ConnectionConfig.DEFAULT);
...
connectingIOReactor.execute(connectingEventDispatch);
When I send the request, I am getting this error,
java.io.IOException: SSL not supported
The Stack trace is given below.
[client<-proxy] 00000001 java.io.IOException: SSL not supported
java.io.IOException: SSL not supported
at org.apache.http.impl.nio.pool.BasicNIOConnFactory.create(BasicNIOConnFactory.java:159)
at org.apache.http.impl.nio.pool.BasicNIOConnFactory.create(BasicNIOConnFactory.java:1)
at org.apache.http.nio.pool.AbstractNIOConnPool.requestCompleted(AbstractNIOConnPool.java:484)
at org.apache.http.nio.pool.AbstractNIOConnPool$InternalSessionRequestCallback.completed(AbstractNIOConnPool.java:770)
at org.apache.http.impl.nio.reactor.SessionRequestImpl.completed(SessionRequestImpl.java:127)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processNewChannels(AbstractIOReactor.java:423)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:288)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:662)
I enabled SSL debug logs as well, but still could not figure out the issue.
Then I debugged this and found out that the proxy received the request from the client and drops due to an exception inside the handle method of HttpAsyncRequestConsumer. The exception is java.io.IOException: SSL not supported
Also note that the SSLContext was working fine with a reverse proxy written using the netty transport.
Any help would be appreciated.
[1] https://hc.apache.org/httpcomponents-core-ga/examples.html
Regards,
Ravindra.
When using a connection pool on the client side to manage outgoing connections one needs to ensure that the connection factory used by the pool to create new connection objects is SSL capable. Please make sure that the connection pool is properly configured.
Thanks a lot for the advice. That solved the issue.
clientSSLContext =
SSLUtil.createClientSSLContext(TRUST_STORE_LOCATION,
TRUST_STORE_PASSWORD);
BasicNIOConnFactory connectionFactory =
new BasicNIOConnFactory(
clientSSLContext,
null,
ConnectionConfig.DEFAULT);
proxyConnPool = new ProxyConnPool(connectingIOReactor, connectionFactory, 5000)