[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Jan 31 22:57:31 CST 2011


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18674 
====================================================================== 
Reported By:                bbeers
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18674
Category:                   Channels/chan_sip/SRTP
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 303637 
Request Review:              
====================================================================== 
Date Submitted:             2011-01-25 09:56 CST
Last Modified:              2011-01-31 22:57 CST
====================================================================== 
Summary:                    [patch] Unable to choose which SRTP suite to offer
Description: 
Setting encryption=yes in sip.conf will cause Asterisk to generate a line in
the SIP INVITE SDP:

 a=crypto: AES_CM_128_HMAC_SHA1_80 ...

There is no way to specify that Asterisk should offer AES_CM_128_HMAC_SHA1_32
instead of AES_CM_128_HMAC_SHA1_80.

====================================================================== 

---------------------------------------------------------------------- 
 (0131324) gilles (reporter) - 2011-01-31 22:57
 https://issues.asterisk.org/view.php?id=18674#c131324 
---------------------------------------------------------------------- 
I could apply the patch, thanks, but I'm not sure it worked.

I still get the following error message and log when calling from the SIP
Phone (Yealink T20) to PhonerLite (1.85), both configured with TLS/sRTP:

  == Using SIP RTP CoS mark 5
  == SRTP_CRYPTO_SUITE is set to 0.
  == SRTP_CRYPTO_SUITE is set to 1.
    -- Executing [8002@from-sip:1] Dial("SIP/8001-00000006", "SIP/phonerlite1") in new stack
  == Using SIP RTP CoS mark 5
  == Encrypted Media is required, offering suite 1.
  == SRTP_CRYPTO_SUITE is set to 1.
  == Selecting 'AES_CM_128_HMAC_SHA1_80' for srtp crypto offer.
    -- Called phonerlite1
    -- SIP/phonerlite1-00000007 is ringing
  == SRTP_CRYPTO_SUITE is set to 1.
    -- SIP/phonerlite1-00000007 answered SIP/8001-00000006
  == Selecting 'AES_CM_128_HMAC_SHA1_80' for srtp crypto offer.
[Feb  1 12:50:02] WARNING[22703]: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect: authentication failure

Although I get this error message, when listening with Cain I can hear
that calls are well encrypted.

But when I call from PhonerLite to the SIP Phone, it doesn't even ring and
I get the following log and error message:

  == Using SIP RTP CoS mark 5
  == SRTP_CRYPTO_SUITE is set to 0.
  == SRTP_CRYPTO_SUITE is set to 1.
    -- Executing [8001@from-sip:1] Dial("SIP/phonerlite1-00000004", "SIP/8001") in new stack
  == Using SIP RTP CoS mark 5
  == Encrypted Media is required, offering suite 1.
  == SRTP_CRYPTO_SUITE is set to 1.
  == Selecting 'AES_CM_128_HMAC_SHA1_80' for srtp crypto offer.
    -- Called 8001
[Feb  1 12:47:21] ERROR[22702]: tcptls.c:375 ast_tcptls_client_start: Unable to connect SIP socket to 10.100.6.2:5062: Connection refused

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-01-31 22:57 gilles         Note Added: 0131324                          
======================================================================
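
The two suites named in the description use the same key and salt sizes and differ in the SRTP authentication tag length (80 versus 32 bits). The following Python code is an added example, not part of the original report and not Asterisk code: it parses a=crypto lines in the RFC 4568 format and checks that an answer echoes a tag and suite that were actually offered. The function names parse_crypto and check_answer are hypothetical, the SDP fragments and key are constructed, and it assumes a single media section per SDP body.

```python
import base64
import re

# Suites named on this page (RFC 4568): name -> (auth tag bits, key+salt bytes)
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (80, 30),
    "AES_CM_128_HMAC_SHA1_32": (32, 30),
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")

def parse_crypto(sdp):
    """Return one dict per a=crypto line found in a single SDP media section."""
    found = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite, key_b64 = m.groups()
        try:
            key_len = len(base64.b64decode(key_b64, validate=True))
        except ValueError:  # malformed base64
            key_len = -1
        bits, want_len = SUITES.get(suite, (None, None))
        found.append({"tag": int(tag), "suite": suite,
                      "auth_tag_bits": bits, "key_ok": key_len == want_len})
    return found

def check_answer(offer_sdp, answer_sdp):
    """List the problems with the answer's crypto attribute; empty means consistent."""
    offered = {(c["tag"], c["suite"]) for c in parse_crypto(offer_sdp)}
    answers = parse_crypto(answer_sdp)
    problems = []
    if len(answers) != 1:
        problems.append("answer must carry exactly one a=crypto line")
    for c in answers:
        if (c["tag"], c["suite"]) not in offered:
            problems.append(f"tag {c['tag']} {c['suite']} was not offered")
        if not c["key_ok"]:
            problems.append(f"tag {c['tag']}: unknown suite or wrong key length")
    return problems

# Constructed sample SDP fragments with a dummy key (not taken from the report).
KEY = base64.b64encode(bytes(range(30))).decode()
OFFER = f"m=audio 10000 RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n"
ANSWER_32 = f"m=audio 20000 RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{KEY}\r\n"

if __name__ == "__main__":
    print(parse_crypto(OFFER))
    print(check_answer(OFFER, OFFER))      # consistent
    print(check_answer(OFFER, ANSWER_32))  # suite differs from the offer
```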



