[OpenSIPS-Users] opensips wss support

Eric Tamme eric at uphreak.com
Tue Jan 12 23:01:10 CET 2016


For wss to work, your site must be https, and your sip server must be 
wss.  You can not downgrade the connection anywhere.  Also if you are 
linking to sip.js, the url MUST ALSO BE https e.g:

<script type="text/javascript" 
src="https://cdn.rawgit.com/onsip/SIP.js/0.7.2/dist/sip-0.7.2.min.js 
<view-source:https://cdn.rawgit.com/onsip/SIP.js/0.7.2/dist/sip-0.7.2.min.js>"></script>


For 2.X you must use the new tls_mgm module as the cert management is 
now shared between tls and wss.

for example:

listen=wss:123.456.789.987:443
listen=tls:123.456.789.987:5061

loadmodule "tls_mgm.so"
loadmodule "proto_tls.so"
loadmodule "proto_wss.so"


modparam("tls_mgm", "certificate","/etc/letsencrypt/live/acme.com/cert.pem")
modparam("tls_mgm", 
"private_key","/etc/letsencrypt/live/acme.com/privkey.pem")


I am using sip.js 0.7.2 with latest master from opensips and doing full 
https + wss

-Eric


On 01/12/2016 02:54 PM, Tito Cumpen wrote:
> Do Nguyen Ha,
>
> I was getting errors about the ws destination being unencrypted when 
> using sip.js.
>
>
> Razvan or community,
>
> What cert configuration does it utilize? does it take it from the tls 
> configuration?
>
> http://www.opensips.org/Documentation/Tutorials-TLS-2-1
>
> In this tutorial I see the protocol being defined. Would these 
> settings apply or would a respective proto_wss have to be provided in 
> the config?
>
>
> Thanks,
> Tito
>
> On Tue, Jan 5, 2016 at 7:17 AM, Do Nguyen Ha <donguyenha at gmail.com 
> <mailto:donguyenha at gmail.com>> wrote:
>
>     hi Tito
>
>     i did test the webrtc with chrome version 47. we only need to
>     setup web server with HTTPS only that point to jssip source code.
>     the jssip should works properly
>
>     there is no need wss on opensips server - just use ws on opensips
>
>     thank you
>
>     On Jan 5, 2016 5:53 PM, "Tito Cumpen" <tito at xsvoce.com
>     <mailto:tito at xsvoce.com>> wrote:
>
>         Hey Razvan,
>
>         Any updates on wss?
>
>         On Dec 7, 2015 12:35 PM, "Tito Cumpen" <tito at xsvoce.com
>         <mailto:tito at xsvoce.com>> wrote:
>
>             Hey Răzvan,
>
>             Any updates on this? Getuser media has been disabled when
>             using http and using https enforces wss on chrome.
>
>             Thanks,
>             Tito
>
>
>             On Fri, Nov 20, 2015 at 4:44 AM, Răzvan Crainea
>             <razvan at opensips.org <mailto:razvan at opensips.org>> wrote:
>
>                 Hi, Tito!
>
>                 I am working on it. I have already started a local
>                 branch and started coding, hopefully it will be public
>                 by the end of the month.
>
>                 Best regards,
>
>                 Răzvan Crainea
>                 OpenSIPS Solutions
>                 www.opensips-solutions.com
>                 <http://www.opensips-solutions.com>
>
>                 On 11/19/2015 07:35 PM, Tito Cumpen wrote:
>>                 Razvan,
>>
>>
>>                 Is there currently a timeline for wss as of now? I
>>                 can aid in testing if needed.
>>
>>
>>
>>
>>                 On Wed, Nov 4, 2015 at 1:25 PM, Tito Cumpen
>>                 <tito at xsvoce.com <mailto:tito at xsvoce.com>> wrote:
>>
>>                     Razvan,
>>
>>
>>                     Thanks for the reply. Can't wait to try this
>>                     feature out.
>>
>>                     On Tue, Nov 3, 2015 at 3:32 AM, Răzvan Crainea
>>                     <razvan at opensips.org
>>                     <mailto:razvan at opensips.org>> wrote:
>>
>>                         Hi, Tito!
>>
>>                         Yes, we have WSS support on top of our
>>                         priorities, and most likely will be released
>>                         with the next OpenSIPS 2.2.
>>
>>                         Best regards,
>>
>>                         Răzvan Crainea
>>                         OpenSIPS Solutions
>>                         www.opensips-solutions.com
>>                         <http://www.opensips-solutions.com>
>>
>>                         On 10/16/2015 01:41 AM, Tito Cumpen wrote:
>>>                         To opensips devs.
>>>
>>>
>>>                         Are there any plans to support wss?
>>>                         Currently chrome will not allow for an
>>>                         unsecure websocket to be initiated when
>>>                         using https. They also threaten to remove
>>>                         getusermedia when using ws.
>>>
>>>                         https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
>>>
>>>                         Please advise. I am working on a project
>>>                         that depends on this.
>>>
>>>                         Thanks,
>>>                         Tito
>>>
>>>
>>>                         _______________________________________________
>>>                         Users mailing list
>>>                         Users at lists.opensips.org
>>>                         <mailto:Users at lists.opensips.org>
>>>                         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>                         _______________________________________________
>>                         Users mailing list
>>                         Users at lists.opensips.org
>>                         <mailto:Users at lists.opensips.org>
>>                         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>>
>>                 _______________________________________________
>>                 Users mailing list
>>                 Users at lists.opensips.org
>>                 <mailto:Users at lists.opensips.org>
>>                 http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>                 _______________________________________________
>                 Users mailing list
>                 Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>                 http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>         _______________________________________________
>         Users mailing list
>         Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160112/ca744d01/attachment-0001.htm>


More information about the Users mailing list