[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Feb 7 10:15:21 CST 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18674
======================================================================
Reported By: bbeers
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18674
Category: Channels/chan_sip/SRTP
Reproducibility: always
Severity: minor
Priority: normal
Status: feedback
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 303637
Request Review:
======================================================================
Date Submitted: 2011-01-25 09:56 CST
Last Modified: 2011-02-07 10:15 CST
======================================================================
Summary: [patch] Unable to choose which SRTP suite to offer
Description:
Setting encryption=yes in sip.conf will cause asterisk to
generate a line in SIP INVITE SDP:
a=crypto: AES_CM_128_HMAC_SHA1_80 ...
There is no way to specify that asterisk should offer
AES_CM_128_HMAC_SHA1_32 instead of
AES_CM_128_HMAC_SHA1_80.
======================================================================
----------------------------------------------------------------------
(0131564) bbeers (reporter) - 2011-02-07 10:15
https://issues.asterisk.org/view.php?id=18674#c131564
----------------------------------------------------------------------
c1nco: Looks like we're back where we were before I caved to
the "no new parameters" suggestions.
The SRTP unprotect warnings are happenning at 5 second intervals.
Could they be (S)RTCP related?
( I have not had any luck using (S)RTCP while using SRTP.
In fact, one of my other, related, patches is to ignore incoming
(S)RTCP packets when using SRTP. Another issue to bring up soon.)
Can you disable (S)RTCP from the other end and see if those
warnings stop?
As for the Phonerlite trace, the problem is the same as
before ... Asterisk sees the a=media line:
m=audio 5062 RTP/AVP 111 110 97 3 0 8 101
And decides that secure_audio is off.
I can't quote RFC chapter and verse, but Asterisk expects
it to be:
m=audio 5062 RTP/SAVP 111 110 97 3 0 8 101
You could modify the logic in process_sdp() function in chan_sip.c,
but I have no idea of the repercussions of such a decision.
I think the other end should be fixed.
Issue History
Date Modified Username Field Change
======================================================================
2011-02-07 10:15 bbeers Note Added: 0131564
======================================================================
More information about the asterisk-bugs
mailing list