[asterisk-bugs] [Asterisk 0019196]: Can't provide secure audio requested in SDP offer
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Apr 28 09:43:55 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=19196
======================================================================
Reported By: stefanero
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 19196
Category: Channels/chan_sip/SRTP
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
Asterisk Version: 1.8.3.2
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-04-28 08:29 CDT
Last Modified: 2011-04-28 09:43 CDT
======================================================================
Summary: Can't provide secure audio requested in SDP offer
Description:
Hello,
I am running * version 1.8.3.2 on opensuse 11.3 x86_64
we have a lot of Voice over WLan phones attached to our * , which use * as
a generic gateway to our Nortel CS1KE (rel 5.5).
I wanted to upgrade from * 1.6.0.24 to latest 1.8.X version.
when now calling from SIP phone to Nortel everything is okey, all calls
work no problem.
but when I want to transfer an existing wlan-nortel call to a 2nd nortel
phone I get an error in the asterisk console.
also the RTP stream is dead on both ends, and noone can hear the other.
======================================================================
----------------------------------------------------------------------
(0134234) davidw (reporter) - 2011-04-28 09:43
https://issues.asterisk.org/view.php?id=19196#c134234
----------------------------------------------------------------------
RFC 4568 says
If there are one or more crypto attributes in the offer, but none of
them are valid or none of the valid ones are supported, the offered
media stream MUST be rejected.
The only alternative to rejecting the whole INVITE is to reject the
stream, but that would leave a session with no media streams. The answerer
cannot counter-bid.
My guess is that Asterisk 1.6.x didn't understand SDP crypto, so fell back
on this clause:
5.3. General Backwards Compatibility Considerations
In the offer/answer model, it is possible that the answerer supports
a given secure transport (e.g., "RTP/SAVP") and accepts the offered
media stream, but that the answerer does not support the crypto
attribute defined in this document and hence ignores it. The offerer
can recognize this situation by seeing an accepted media stream in
the answer that does not include a crypto line. In that case, the
security negotiation defined here MUST fail.
I'd assume that either the Nortel is broken and violating a MUST clause,
or it does retry without encryption, in that case.
Issue History
Date Modified Username Field Change
======================================================================
2011-04-28 09:43 davidw Note Added: 0134234
======================================================================
More information about the asterisk-bugs
mailing list