[asterisk-bugs] [JIRA] (ASTERISK-28167) 256 cipher during outgoing calls
Malcolm Davenport (JIRA)
noreply at issues.asterisk.org
Fri Nov 16 16:33:47 CST 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-28167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Malcolm Davenport updated ASTERISK-28167:
-----------------------------------------
Labels: pjsip (was: pjsip security)
> 256 cipher during outgoing calls
> --------------------------------
>
> Key: ASTERISK-28167
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28167
> Project: Asterisk
> Issue Type: Bug
> Components: pjproject/pjsip
> Affects Versions: 15.6.1
> Environment: Debian 9 x86_64
> OpenSSL 1.1.0f 25 May 2017
> openssl ciphers:
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
> Reporter: Evgeny
> Assignee: Evgeny
> Severity: Minor
> Labels: pjsip
>
> Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
> Asterisk doesn't provide more that one cipher for establishing media in SDP
> {noformat}
> [ log ]
> [ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
> xv=0
> xo=- 1214669129 1214669129 IN IP4 172.25.73.249
> xs=Asterisk
> xc=IN IP4 172.25.73.249
> xt=0 0
> xm=audio 19716 RTP/SAVP 18 8 0 101
> xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:8 PCMA/8000
> xa=rtpmap:0 PCMU/8000
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-16
> xa=ptime:20
> xa=maxptime:150
> xa=sendrecv
> {noformat}
> During incoming call SDP has multiple ciphers
> {noformat}
> [ log ]
> [ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
> xv=0
> xo=- 1192253840736 1 IN IP4 91.25...
> xs=Cpc session
> xc=IN IP4 91.25...
> xt=0 0
> xm=audio 48112 RTP/SAVP 18 101
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-15
> xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
> xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
> xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
> xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
> xa=sendrecv
> xa=nortpproxy:yes
> {noformat}
> Clients agree to 256 cipher
> [ log ]
> https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list