GOOD NEWS STT Bluemix API OK with TLS 1.2

Dan Lawrence

Member
Joined
Jan 4, 2008
Messages
44
Reaction score
7
Location
Seattle, WA
TL;DR IBM Cloud is withdrawing support for TLS 1.0 and TLS 1.1 across many cloud products and services. This does not appear to affect the voicemail speech to text add-on. :clap:

I've been using the voicemail speech to text for a while and it works great in my low volume application. Recently IBM Cloud has been peppering me with emails warning that they will only support TLS 1.2 starting March 1, 2018. For example...
Attention IBM Cloud User:

FINAL REMINDER!

On March 1, 2018 IBM Cloud will withdraw support for TLS 1.0 and TLS 1.1 across many of our cloud products and services as part of our commitment to offering a cloud that is secure to the core and in alignment with industry best practices for security and data privacy.

Read our announcement for a list of affected products and services, what actions you need to take to confirm you will not be impacted and other important details.

Regards,

The IBM Cloud Team
So today I figured I would check to see if the PIAF add-on script uses TLS 1.2. Based on the info under "Watson products and services" on this support document, it was clear we just need to change stream.watsonplatform.net/ into stream-TLS12.watsonplatform.net/ to see if our implementation passes the TLS 1.2 only test. Good news, it does! But don't leave it that way because these special test hostnames will go away after March 1.

This should mean no action is required and come March 1st everything will continue working as expected (at least as far as Watson STT is concerned).
 
Reactions: wardmundy

atsak

Guru
Joined
Sep 7, 2009
Messages
1,784
Reaction score
171
Hmm. . . mine broke March 1.

The tests give:
curl: (35) SSL connect error

This is on a legacy 3.0.6.5

Any clues what I could use to update the library and force TLS 1.2?
 

atsak

Well, I updated curl but that didn't help.

If I add --tlsv1.2 to the curl command that seems to work in the bluemix-test script.

But it doesn't work in the sendmailmp3 script. I am still working on that.
 

atsak

Updated; here is how I modified the sendmailmp3 script, but it's still not working.

curl -s $CURL_OPTS --tlsv1.2 -k -u $API_USERNAME:$API_PASSWORD -X POST \
--limit-rate 40000 \
--header "Content-Type: audio/wav" \
--data-binary @stream.part3.wav \
"https://stream.watsonplatform.net/speech-to-text/api/v1/recognize?continuous=true&model=en-US_NarrowbandModel" 1>audio.txt

This doesn't work.

However the test does (sorry, partially cut off below)

curl --tlsv1.2 -k -u $API_USERNAME:$API_PASSWORD -X POST --limit-rate 40000 --header "Content-Type: audio/wav" --data-binary @/var/www/html/admin/modules/directory/sounds/cdir-transferring-further-assistance.wav

Any pointers?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,083
Reaction score
2,602
@atsak: What platform are you on? Just tried Incredible PBX 13-13 on CentOS 6 and it worked fine with no modifications.

Code:
There is a new voicemail in mailbox 701:

        From:   "843*******" <843*******>
        Length: 0:06 seconds
        Date:   Saturday, March 03, 2018 at 08:27:21 AM

Dial *98 to access your voicemail by phone.
Visit http://AMPWEBADDRESS/ucp to check your voicemail with a web browser.



 Message contents: here is a test message after the tone we want to see if it records properly have a nice day
 

atsak

It's old Ward - it's a 3.0.6.5 / CentOS 6.5 / Fpbx 11 (Green).

I think the NSS is out of date so I have just updated, and I actually think something has simultaneously gone wrong with my Bluemix credentials. I just tried to log into the portal and am getting "your account needs review by our staff" after using it for the last couple months . . . their authentication is brutal. I've had to call in several times to verify my credit card (both my Canadian and US cards caused problems). Sigh.

I'm checking if the account issue is resolved tomorrow.

Thanks.
 
Reactions: wardmundy

wardmundy

@atsak You can have Incredible PBX 13-13 up and running in under 30 minutes, and you'll sleep like a baby. :driving:
 
Reactions: atsak

atsak

Not on a system with 200 extensions in Hyper V with lots of customization (your point is good though; it is time soon to upgrade it, still waffling between Issabel and PIAF FPBX open source versions). This was the result of IBM Bluemix disabling my account AND the change in the TLS standard. Fix is to upgrade curl and NSS (yum update curl nss) and then spend half an hour verifying my account with IBM (Softlayer) on the phone. Again. Also had to add the --tlsv1.2 switch noted in sendmailmp3 script. In theory this could also be added to the $CURLOPTS variable within the script I saw there, but it makes no difference I suppose.

I have no idea why the bluemix-test worked but the production didn't, but I think it was because my account was partially enabled still and the test ran on a server that was OK with my account still. The bluemix-test started failing after this testing as well though.

Important to note this would only apply to an old server like this one with CentOS 6.5 and older curl versions on it. The later versions of CentOS etc shouldn't have this problem.

Thanks for the help.
 
Reactions: wardmundy
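
An added example, not part of the thread or of the sendmailmp3 script: two offline shell checks for the situation described above. The first reads `curl --version` output to show which TLS library curl is linked against (the package to update); the second lists each curl call to a host in a script and reports whether it forces TLS 1.2 and whether `-k` has turned certificate verification off, which matters because `-u` sends the API credentials over that connection. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the curl / TLS 1.2 issue in this thread.

# Print the TLS library curl was built against, from `curl --version` on stdin.
tls_backend() {
  head -n 1 | tr ' ' '\n' | grep -E '^(NSS|OpenSSL|GnuTLS|LibreSSL)/' | head -n 1
}

# Read a shell script on stdin, join backslash-continued lines, and report for
# every curl call to host $1 whether it forces TLS 1.2 and whether
# -k/--insecure has switched certificate verification off.
audit_curl_calls() {
  sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' |
    grep -F "$1" | grep -E '(^|[[:space:]])curl[[:space:]]' |
    while IFS= read -r cmd; do
      tls=no; verify=on
      case " $cmd " in *" --tlsv1.2 "*) tls=yes ;; esac
      case " $cmd " in *" -k "*|*" --insecure "*) verify=off ;; esac
      echo "tls12=$tls cert_verify=$verify"
    done
}

# Constructed sample: first line of `curl --version` from an NSS-linked build.
sample_version() {
  echo 'curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3'
}

# Constructed sample script: the call as modified in the post above,
# followed by a call that carries neither option.
sample_script() {
  cat <<'EOF'
curl -s $CURL_OPTS --tlsv1.2 -k -u $API_USERNAME:$API_PASSWORD -X POST \
--limit-rate 40000 \
--header "Content-Type: audio/wav" \
--data-binary @stream.part3.wav \
"https://stream.watsonplatform.net/speech-to-text/api/v1/recognize?continuous=true&model=en-US_NarrowbandModel" 1>audio.txt
curl -s -u $API_USERNAME:$API_PASSWORD -X POST --data-binary @a.wav "https://stream.watsonplatform.net/speech-to-text/api/v1/recognize"
EOF
}

sample_version | tls_backend
sample_script | audit_curl_calls stream.watsonplatform.net
```

On a real system, feed the functions live input with `curl --version | tls_backend` and `audit_curl_calls stream.watsonplatform.net < sendmailmp3`; combined short flags such as `-sk` are not detected.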

eneseye

New Member
Joined
Dec 8, 2015
Messages
2
Reaction score
0
So I was able to set this up relatively quickly on a FPBX system - thank you all for the detailed setup instructions, it works like a champ!

I attempted to set it up by using the /root directory rather than the /usr/local/sbin directory. I copied the sendmailmp3 file to /root and set /root/sendmailmp3 in the mailcmd field.

In sendmailmp3 it looks like I need to edit PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

I attempted to use PATH="/root:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" but that didn't work for me.

Am I even able to do this, or am I missing something else? I didn't notice any other references to the /usr/local/sbin directory in that file.

Thanks in advance for any guidance
 

wardmundy

asterisk user cannot access /root so sending emails will fail.
 
