[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Feb 11 17:34:50 CST 2011 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18674 
====================================================================== 
Reported By:                bbeers
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18674
Category:                   Channels/chan_sip/SRTP
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 303637 
Request Review:              
====================================================================== 
Date Submitted:             2011-01-25 09:56 CST
Last Modified:              2011-02-11 17:34 CST
====================================================================== 
Summary:                    [patch] Unable to choose which SRTP suite to offer
Description: 
Setting encryption=yes in sip.conf will cause asterisk to
 generate a line in SIP INVITE SDP:

 a=crypto: AES_CM_128_HMAC_SHA1_80 ...

There is no way to specify that asterisk should offer
 AES_CM_128_HMAC_SHA1_32 instead of
 AES_CM_128_HMAC_SHA1_80.

====================================================================== 

---------------------------------------------------------------------- 
 (0131885) bbeers (reporter) - 2011-02-11 17:34
 https://issues.asterisk.org/view.php?id=18674#c131885 
---------------------------------------------------------------------- 
I just uploaded a new patch that follows more along the lines of
 the allow parameter used for codec selection.
You can select more than one cryptosuite, for example:

encryption=aes_80,aes_32

and the INVITE will have 2 a=crypto lines

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:...
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:...

Did not work out to prefer one cryptosuite, so
 aes_80,aes_32 is the same as aes_32,aes_80.
Could work on that if it's deemed important/necessary.
Still haven't tackled negotiating when multiple cryptosuites
 arrive in INVITE, and first one is not in our list.  Asterisk will
 currently accept the first cryptosuite as long as it is aes_32 or aes_80.


Please try it out, make comments. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-02-11 17:34 bbeers         Note Added: 0131885                          
======================================================================

More information about the asterisk-bugs mailing list