[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Feb 28 06:25:14 CST 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18674
======================================================================
Reported By: bbeers
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18674
Category: Channels/chan_sip/SRTP
Reproducibility: always
Severity: minor
Priority: normal
Status: acknowledged
Asterisk Version: SVN
JIRA: SWP-3142
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 303637
Request Review:
======================================================================
Date Submitted: 2011-01-25 09:56 CST
Last Modified: 2011-02-28 06:25 CST
======================================================================
Summary: [patch] Unable to choose which SRTP suite to offer
Description:
Setting encryption=yes in sip.conf will cause asterisk to
generate a line in SIP INVITE SDP:
a=crypto: AES_CM_128_HMAC_SHA1_80 ...
There is no way to specify that asterisk should offer
AES_CM_128_HMAC_SHA1_32 instead of
AES_CM_128_HMAC_SHA1_80.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0018187 Indicate SRTP + Feature reqest
======================================================================
----------------------------------------------------------------------
(0132433) mammal (reporter) - 2011-02-28 06:25
https://issues.asterisk.org/view.php?id=18674#c132433
----------------------------------------------------------------------
Tried public asterisk 1.8.2.4 with patch 22 applied
The problem is that our softphone offers both 32 and 80. Asterisk sets the
cryptosuite to 32 internally but responds with 80 in SDP. So we start
sending RTP with SHA1-80 and it results with SRTP unprotect: authentication
failure
of course.
Also it seems that non RTP/RTCP packets are fed into srtp unprotect (e.g.
ZRTP packets) which fills logs with auth failure messages as well.
Issue History
Date Modified Username Field Change
======================================================================
2011-02-28 06:25 mammal Note Added: 0132433
======================================================================
More information about the asterisk-bugs
mailing list