[asterisk-bugs] [JIRA] (ASTERISK-20234) SRTP not working with some devices (Eg snom320) - Message "We are requesting SRTP for audio, but they responded without it!"

Alexander Traud (JIRA) noreply at issues.asterisk.org
Fri Jul 25 01:33:56 CDT 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-20234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Traud updated ASTERISK-20234:
---------------------------------------

    Attachment: srtp_patches_Asterisk12.diff

Although the attached patch still works today, I added a variant for Asterisk 12 which does not raise any questions/warnings by {{patch}}.

Optional SRTP is quite useful in combination with [RFC 3263|http://tools.ietf.org/html/rfc3263] and direct URI calling: The SIP user-agent queries DNS NAPTR to determine which transport is preferred by the SIP proxy (normally TLS over TCP over UDP). Then, the SIP user-agent uses DNS SRV to find the port and server. All this is determined from the domain part of the SIP-URI. In such a case, no outbound proxy is required.

On a SIP user-agent, this RFC allows:
SIP transport: Automatic
Media transport: SRTP preferred

This is not yet supported by Asterisk, but this is the rationale behind automatic/optional on some user-agents; those clients always use the best encryption offered by the remote proxy. If Asterisk is the fall-back outbound proxy for such a client and if Asterisk *requires* encryption, direct URI calling *breaks*.

Therefore, once again, thank you for this patch. With this my SIP user-agents are still able to do direct URI calling, still trying to negotiate TLS/SRTP.

> SRTP not working with some devices (Eg snom320) - Message "We are requesting SRTP for audio, but they responded without it!"
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20234
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20234
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP
>    Affects Versions: 10.7.0
>         Environment: RHEL5 linux 2.6.18-308.11.1.el5
>            Reporter: tootai
>            Assignee: tootai
>         Attachments: asterisk-20234-sip.conf, full, srtp_patches_Asterisk12.diff, srtp_patches.diff
>
>
> As you can see, snom 320 (latest stable firmware snom320-SIP 8.7.3.10) is annoncing crypto but asterisk doesn't recognize it.
> [Edit by Rusty Newton - removed debug excerpt since full log is now attached]
> And call is not accepted
> -- 
> Daniel



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list