#2614 TLS with SRTP outgoing calls

[Anonymous]

Originally created by: multi...@gmail.com

It works ok on local net (TLS transport and SRTP yellow bars), but from internet no. (TLS transport yellow bar and error 503 / End of file (PJ_EEOF).

I have 2 connections ,one with asterisk local ip and one with external ip.

my option on both accounts are same exept the ip's :

Account id <sip:11@xxx.xxx.x.x> "asterisk's ip or the dynds for external accunt"
Registration URI sip:xxx.xxx.x.x:5061 "asterisk's ip or the dynds for external accunt"
Proxi URI sip:xxx.xxx.x.x:5061 "asterisk's ip or the dynds for external accunt"

My csipsimple version is the latest in the google market.
I have also succesfully test the connection with one pc client from outside.

Thank u!

[Anonymous]

Originally posted by: r3gis...@gmail.com

Hi,
Can you collect and send me logs? (see https://code.google.com/p/csipsimple/wiki/HowToCollectLogs?wl=en wiki page).

There is often some problem with asterisk configuration with tls bind port not set in extensions and global conf.

Status: Need-Details

[Anonymous]

Originally posted by: dlake...@gmail.com

Regis, this is probably covered in bug 2280 which you closed for some reason but which is NOT fixed.

To get TLS working in Android 4.2 or above (approximately) you need to install the nightly "special build" with the OpenSSL statically linked. I don't know why you don't just make that the standard build it only saves a megabyte or so to leave the openssl out but it makes security unusable in the market version at least for me and for several other people linked in that previous bug

[Anonymous]

Originally posted by: r3gis...@gmail.com

@dlakelan : using a stock android version or a custom rom ?
Normally on all devices I have including those with 4.2+ (all using stock rom) there is no problem with the use of dynamic linking over openssl lib.
In addition to reducing size of the apk, it ensures the openssl lib will benefit updates of the android system. Which is a big security benefit IMHO.

[Anonymous]

Originally posted by: dlake...@gmail.com

Regis: stock rom for Galaxy Victory, LG Optimus F3, and Galaxy Tab 2, none of those work with the market version using TLS and SRTP and they haven't worked for a long time. Always get PJ_EEOF, and always fixed by static openssl build. I've been using the openssl static build for a long time, but it hasn't been updated. I see a lot of complaints on bug 2280 about similar problems from others as well.

[Anonymous]

Originally posted by: dlake...@gmail.com

Specifically it's actually 4.1.2 on my galaxy victory, and 4.2.2 on my galaxy tab 2, not sure what version the LG Optimus is (my wife has that phone). They're all stock.

[Anonymous]

Originally posted by: dlake...@gmail.com

Regis. I have installed the market version today on my stock Galaxy Victory (android 4.1.2). I am using TLS and SRTP, and I have 4 codecs enabled (speex 8, speex 16, pcmu, pcma). When I am using normal SIP I get PJ_EEOF when I call. When I'm using COMPACT SIP I am able to make calls.

I hope this helps you debug this issue! Perhaps there is some buffer which is too small to contain all the information in a SIP packet when TLS/SRTP and several codecs are enabled unless you use compact SIP??