[asterisk-bugs] [JIRA] (ASTERISK-28167) 256 cipher during outgoing calls

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Fri Nov 16 16:08:47 CST 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=245467#comment-245467 ] 

Kevin Harwell commented on ASTERISK-28167:
------------------------------------------

We require additional debug to continue with triage of your issue. Please follow the instructions on the wiki [1] for how to collect debugging information from Asterisk. For expediency, where possible, attach the debug with a '.txt' file extension so that the debug will be usable for further analysis.

Please also include the SIP trace in the log. You can enable SIP debug for the pjsip channel driver by either using the 'pjsip set logger on' CLI command [1], or setting the 'debug' option in the _pjsip.conf_ file [2]

Also please attach your _pjsip.conf_ configuration (at least the relevant parts).

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information
[2] https://wiki.asterisk.org/wiki/display/AST/Asterisk+16+Configuration_res_pjsip

> 256 cipher during outgoing calls
> --------------------------------
>
>                 Key: ASTERISK-28167
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28167
>             Project: Asterisk
>          Issue Type: Bug
>          Components: pjproject/pjsip
>    Affects Versions: 15.6.1
>         Environment: Debian 9  x86_64
> OpenSSL 1.1.0f  25 May 2017
> openssl ciphers:
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
>            Reporter: Evgeny
>            Severity: Minor
>              Labels: pjsip, security
>
> Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
> Asterisk doesn't provide more that one cipher for establishing media in SDP
> {noformat}
> [ log ]
> [ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
> xv=0
> xo=- 1214669129 1214669129 IN IP4 172.25.73.249
> xs=Asterisk
> xc=IN IP4 172.25.73.249
> xt=0 0
> xm=audio 19716 RTP/SAVP 18 8 0 101
> xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:8 PCMA/8000
> xa=rtpmap:0 PCMU/8000
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-16
> xa=ptime:20
> xa=maxptime:150
> xa=sendrecv
> {noformat}
> During incoming call SDP has multiple ciphers
> {noformat}
> [ log ]
> [ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
> xv=0
> xo=- 1192253840736 1 IN IP4 91.25...
> xs=Cpc session
> xc=IN IP4 91.25...
> xt=0 0
> xm=audio 48112 RTP/SAVP 18 101
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-15
> xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
> xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
> xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
> xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
> xa=sendrecv
> xa=nortpproxy:yes
> {noformat}
> Clients agree to 256 cipher
> [ log ]
> https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list