[asterisk-dev] pjsip asterisk 13.24: sips / srtp and Deutsche Telekom doesn't work because of missing mediasec parameters
Michael Maier
m1278468 at mailbox.org
Tue Jan 15 12:49:52 CST 2019
Hello!
Deutsche Telekom introduced sips and srtp. I tested it and it works partly. Partly means: sips is working - but not srtp. srtp doesn't work, because of missing additional
headers in the REGISTER and INVITE packages (according an enhancement of RFC 3329).
Example:
UAC Registrar
| |
|----(1) REGISTER------------------------------>|
| Security-Client: sdes-srtp;mediasec |
| Proxy-Require: mediasec |
| Require: mediasec |
| |
|<---(2) 401------------------------------------|
| Security-Server: msrp-tls;mediasec |
| Security-Server: sdes-srtp;mediasec |
| Security-Server: dtls-srtp;mediasec |
| |
|----(3) REGISTER(with Authorization Header)--->|
| Security-Client: sdes-srtp;mediasec |
| Proxy-Require: mediasec |
| Require: mediasec |
| Security-Verify: msrp-tls;mediasec |
| Security-Verify: sdes-srtp;mediasec |
| Security-Verify: dtls-srtp;mediasec |
| |
|<---(4) 200 OK---------------------------------|
| |
| |
|----(5) INVITE-------------------------------->|
| Security-Verify: msrp-tls;mediasec |
| Security-Verify: sdes-srtp;mediasec |
| Security-Verify: dtls-srtp;mediasec |
| a=3ge2ae:requested |
| a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:EpcgtOdT5qd...
| |
|<---(8) 200 OK---------------------------------|
| a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lnfakjh2sd1..
You can find a complete description here (english language):
https://www.telekom.de/hilfe/downloads/1tr114.pdf
The example can be found on page 115.
They need those mediasec parameters because of there compatibility with the 3GPP standards
(http://www.qtc.jp/3GPP/Specs/33328-920.pdf) which would require an additional signaling of the media plane security.
Is this already implemented or did I miss something else?
Thanks,
regards,
Michael
More information about the asterisk-dev
mailing list