[asterisk-bugs] [JIRA] (ASTERISK-28167) 256 cipher during outgoing calls

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Fri Nov 16 16:00:47 CST 2018 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-28167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Harwell updated ASTERISK-28167:
-------------------------------------

    Description: 
Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
Asterisk doesn't provide more that one cipher for establishing media in SDP
{noformat}
[ log ]
[ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
xv=0
xo=- 1214669129 1214669129 IN IP4 172.25.73.249
xs=Asterisk
xc=IN IP4 172.25.73.249
xt=0 0
xm=audio 19716 RTP/SAVP 18 8 0 101
xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
xa=rtpmap:18 G729/8000
xa=fmtp:18 annexb=no
xa=rtpmap:8 PCMA/8000
xa=rtpmap:0 PCMU/8000
xa=rtpmap:101 telephone-event/8000
xa=fmtp:101 0-16
xa=ptime:20
xa=maxptime:150
xa=sendrecv
{noformat}

During incoming call SDP has multiple ciphers
{noformat}
[ log ]
[ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
xv=0
xo=- 1192253840736 1 IN IP4 91.25...
xs=Cpc session
xc=IN IP4 91.25...
xt=0 0
xm=audio 48112 RTP/SAVP 18 101
xa=rtpmap:18 G729/8000
xa=fmtp:18 annexb=no
xa=rtpmap:101 telephone-event/8000
xa=fmtp:101 0-15
xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
xa=sendrecv
xa=nortpproxy:yes
{noformat}
Clients agree to 256 cipher

[ log ]
https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom

  was:
Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
Asterisk doesn't provide more that one cipher for establishing media in SDP

[ log ]
[ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
xv=0
xo=- 1214669129 1214669129 IN IP4 172.25.73.249
xs=Asterisk
xc=IN IP4 172.25.73.249
xt=0 0
xm=audio 19716 RTP/SAVP 18 8 0 101
xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
xa=rtpmap:18 G729/8000
xa=fmtp:18 annexb=no
xa=rtpmap:8 PCMA/8000
xa=rtpmap:0 PCMU/8000
xa=rtpmap:101 telephone-event/8000
xa=fmtp:101 0-16
xa=ptime:20
xa=maxptime:150
xa=sendrecv

During incoming call SDP has multiple ciphers

[ log ]
[ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
xv=0
xo=- 1192253840736 1 IN IP4 91.25...
xs=Cpc session
xc=IN IP4 91.25...
xt=0 0
xm=audio 48112 RTP/SAVP 18 101
xa=rtpmap:18 G729/8000
xa=fmtp:18 annexb=no
xa=rtpmap:101 telephone-event/8000
xa=fmtp:101 0-15
xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
xa=sendrecv
xa=nortpproxy:yes

Clients agree to 256 cipher

[ log ]
https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom


> 256 cipher during outgoing calls
> --------------------------------
>
>                 Key: ASTERISK-28167
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28167
>             Project: Asterisk
>          Issue Type: Bug
>          Components: pjproject/pjsip
>    Affects Versions: 15.6.1
>         Environment: Debian 9  x86_64
> OpenSSL 1.1.0f  25 May 2017
> openssl ciphers:
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
>            Reporter: Evgeny
>            Severity: Minor
>              Labels: pjsip, security
>
> Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
> Asterisk doesn't provide more that one cipher for establishing media in SDP
> {noformat}
> [ log ]
> [ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
> xv=0
> xo=- 1214669129 1214669129 IN IP4 172.25.73.249
> xs=Asterisk
> xc=IN IP4 172.25.73.249
> xt=0 0
> xm=audio 19716 RTP/SAVP 18 8 0 101
> xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:8 PCMA/8000
> xa=rtpmap:0 PCMU/8000
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-16
> xa=ptime:20
> xa=maxptime:150
> xa=sendrecv
> {noformat}
> During incoming call SDP has multiple ciphers
> {noformat}
> [ log ]
> [ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
> xv=0
> xo=- 1192253840736 1 IN IP4 91.25...
> xs=Cpc session
> xc=IN IP4 91.25...
> xt=0 0
> xm=audio 48112 RTP/SAVP 18 101
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-15
> xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
> xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
> xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
> xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
> xa=sendrecv
> xa=nortpproxy:yes
> {noformat}
> Clients agree to 256 cipher
> [ log ]
> https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list