[asterisk-bugs] [Asterisk 0018674]: [patch] Unable to choose which SRTP suite to offer
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Mar 2 07:31:12 CST 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18674
======================================================================
Reported By: bbeers
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18674
Category: Channels/chan_sip/SRTP
Reproducibility: always
Severity: minor
Priority: normal
Status: acknowledged
Asterisk Version: SVN
JIRA: SWP-3142
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 303637
Request Review:
======================================================================
Date Submitted: 2011-01-25 09:56 CST
Last Modified: 2011-03-02 07:31 CST
======================================================================
Summary: [patch] Unable to choose which SRTP suite to offer
Description:
Setting encryption=yes in sip.conf will cause asterisk to
generate a line in SIP INVITE SDP:
a=crypto: AES_CM_128_HMAC_SHA1_80 ...
There is no way to specify that asterisk should offer
AES_CM_128_HMAC_SHA1_32 instead of
AES_CM_128_HMAC_SHA1_80.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
has duplicate 0018893 Can't provide secure audio requested in...
related to 0018187 Indicate SRTP + Feature reqest
======================================================================
----------------------------------------------------------------------
(0132515) keys (reporter) - 2011-03-02 07:31
https://issues.asterisk.org/view.php?id=18674#c132515
----------------------------------------------------------------------
I have been using 05.patch with encryption=aes_32.
I am still getting these messages in log:
Outbound call from softphone TLS+SRTP (encryption=aes_32) to server A onto
server B using iax2:
chan_iax2.c: -- Format for call is ulaw
app_dial.c: -- IAX2/SSS-17853 is making progress passing it to
SIP/101-00000185
sip/sdp_crypto.c: == Selecting 2 (AES_CM_128_HMAC_SHA1_32) for srtp
crypto offer.
res_srtp.c: SRTP unprotect: unsupported parameter
res_srtp.c: SRTP unprotect: authentication failure
Inbound call from server B to server A using iax2 and then onto softphone
using TLS+SRTP (encryption=aes_32):
netsock2.c: == Using SIP RTP TOS bits 184
netsock2.c: == Using SIP RTP CoS mark 5
chan_sip.c: == Encrypted Media is required, offering suite 2
(AES_CM_128_HMAC_SHA1_32).
chan_sip.c: == SRTP_CRYPTO_SUITE is set to 32
(AES_CM_128_HMAC_SHA1_32).
sip/sdp_crypto.c: == Selecting 2 (AES_CM_128_HMAC_SHA1_32) for srtp
crypto offer.
app_dial.c: -- Called 101
app_dial.c: -- SIP/101-00000187 is ringing
res_rtp_asterisk.c: RTP Read too short
chan_sip.c: == SRTP_CRYPTO_SUITE is set to 32
(AES_CM_128_HMAC_SHA1_32).
app_dial.c: -- SIP/101-00000187 answered IAX2/701-11563
pbx.c: -- Executing [s at macro-auto-blkvm:1] Set("SIP/101-00000187",
"__MACRO_RESULT=") in new stack
pbx.c: -- Executing [s at macro-auto-blkvm:2] NoOp("SIP/101-00000187",
"Deleting: BLKVM/700/IAX2/701-11563 TRUE") in new stack
res_srtp.c: SRTP unprotect: authentication failure
Thanks for all your efforts bbeers.
Issue History
Date Modified Username Field Change
======================================================================
2011-03-02 07:31 keys Note Added: 0132515
======================================================================
More information about the asterisk-bugs
mailing list