[asterisk-bugs] [JIRA] (ASTERISK-28167) 256 cipher during outgoing calls

Alexander Traud (JIRA) noreply at issues.asterisk.org
Tue Feb 19 03:56:47 CST 2019 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=246251#comment-246251 ] 

Alexander Traud commented on ASTERISK-28167:
--------------------------------------------

AES-256 was added via ASTERISK-26190. If a Bug Marshall had linked that, I might have seen this issue report earlier. Anyway, please, note it’s description, especially the last sentence:
{quote}When you have to go for additional suites on egress, enable those via CFLAGS \[…\]{quote}Consequently, as of today, you cannot enable/configure AES-256 at runtime. Instead, you have to re-configure your Asterisk and compile it again:
{code}make distclean
CFLAGS='-DENABLE_SRTP_AES_256' ./configure
make
sudo make install{code}
If that does not work (anymore; it works here in my Asterisk 13), please, create a new issue report. However, if you want to have this configured at runtime, this would be a [Feature Request…|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Bug+Bounties]

> 256 cipher during outgoing calls
> --------------------------------
>
>                 Key: ASTERISK-28167
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28167
>             Project: Asterisk
>          Issue Type: Bug
>          Components: pjproject/pjsip
>    Affects Versions: 15.6.1
>         Environment: Debian 9  x86_64
> OpenSSL 1.1.0f  25 May 2017
> openssl ciphers:
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
>            Reporter: Evgeny
>            Severity: Minor
>              Labels: pjsip
>
> Outgoing calls from (through) Asterisk 15.6.1 to Bria Mobile 5.4.3.108509 coudn't have cipher more than 128 cipher in SDP.
> Asterisk doesn't provide more that one cipher for establishing media in SDP
> {noformat}
> [ log ]
> [ endpoint -> Asterisk 15.6.1 (PJSIP) -> Bria Mobile ]
> xv=0
> xo=- 1214669129 1214669129 IN IP4 172.25.73.249
> xs=Asterisk
> xc=IN IP4 172.25.73.249
> xt=0 0
> xm=audio 19716 RTP/SAVP 18 8 0 101
> xa=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8uS5QdiGu0CCxCf7BiBNbn58/CemIGWucwznTmpv
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:8 PCMA/8000
> xa=rtpmap:0 PCMU/8000
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-16
> xa=ptime:20
> xa=maxptime:150
> xa=sendrecv
> {noformat}
> During incoming call SDP has multiple ciphers
> {noformat}
> [ log ]
> [ Asterisk 15.6.1 (PJSIP) <- Bria Mobile ]
> xv=0
> xo=- 1192253840736 1 IN IP4 91.25...
> xs=Cpc session
> xc=IN IP4 91.25...
> xt=0 0
> xm=audio 48112 RTP/SAVP 18 101
> xa=rtpmap:18 G729/8000
> xa=fmtp:18 annexb=no
> xa=rtpmap:101 telephone-event/8000
> xa=fmtp:101 0-15
> xa=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:4eKmAS423WOe8GKpO5HuvIZ+T+0326FzMsNT6zXVOCNUrMVmVl6UN8893v1x3Q==
> xa=crypto:2 AES_256_CM_HMAC_SHA1_32 inline:r4afx6ibhJnuI3pwR3pAcu8aJKt9hHGSVh8nVW6bqCMSBAndVyuSEvXkgvAPcw==
> xa=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:O+pJcaai9betFXvpYY80cdawCHGlXeeSp9mlAg+5
> xa=crypto:4 AES_CM_128_HMAC_SHA1_32 inline:usEncd0HMQ2+5bvTOKoJ03PnzLUxp8fabIw7fyII
> xa=sendrecv
> xa=nortpproxy:yes
> {noformat}
> Clients agree to 256 cipher
> [ log ]
> https://community.asterisk.org/t/pjsip-cipher-256/77157/11?u=nodorgrom



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list