[Asterisk-Users] What does the error "stale nonce" mean?

Stewart Nelson sn at scgroup.com
Sun Oct 2 18:09:03 MST 2005


Hi Paul,

> I'm receiving the following error over and over, ad nauseam:
> Oct  1 23:59:53 NOTICE[3194]: chan_sip.c:5890 check_auth: stale nonce received from 'CNAME-CID 
> <sip:5551212 at 192.168.1.X>'
> Does anyone know what "stale nonce" is?
> Thanks!

This is normally not an error.

Digest authentication in SIP is very similar to its use in HTTP.
See http://www.ietf.org/rfc/rfc2617.txt .
Details for SIP are at http://www.ietf.org/rfc/rfc3261.txt .
When your client sends an INVITE or a REGISTER, * will challenge with
a pseudo-random nonce (in the 401 or 407 response), and the client
will reissue the request with a corresponding digest; the request
is then accepted if the digest is correct.

If the client needs to reregister or call the same number again,
it is permitted to supply the same digest in the new request, usually
avoiding the need to send two requests.  However, if * decides that
the nonce is too old, it will send a new challenge, to make replay
attacks more difficult.  * includes stale=true in the authenticate
request, to tell the client that the password was ok and it can 
recompute the digest without asking the user to enter new credentials.

Does this happen on REGISTER, on INVITE, or both?
For all clients, all of the same type, or just one device?
How often?
Does the client reissue the request, and does it then succeed?

--Stewart
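
The exchange described in the message above, as an added example (not part of the original post and not Asterisk's code): a hypothetical registrar that accepts a reused nonce while it is fresh and answers with stale=true once it has aged out, but only when the digest itself was correct. The class and function names, the sample data, and the 30-second lifetime are assumptions; the digest is the RFC 2617 form without qop.

```python
import hashlib
import secrets

NONCE_LIFETIME = 30  # seconds; assumed value for illustration, not Asterisk's setting


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class Registrar:
    """Hypothetical server side: issues nonces and checks digests."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users   # username -> password (constructed sample data)
        self.issued = {}     # nonce -> time it was issued

    def challenge(self, now, stale=False):
        nonce = secrets.token_hex(8)
        self.issued[nonce] = now
        return {"status": 401, "nonce": nonce, "stale": stale}

    def handle(self, method, uri, auth, now):
        if auth is None:
            return self.challenge(now)              # first request: plain challenge
        issued_at = self.issued.get(auth["nonce"])
        password = self.users.get(auth["username"])
        if issued_at is None or password is None:
            return self.challenge(now)              # unknown nonce or user
        expected = digest_response(auth["username"], self.realm, password,
                                   method, uri, auth["nonce"])
        if not secrets.compare_digest(expected, auth["response"]):
            return self.challenge(now)              # wrong credentials: stale stays false
        if now - issued_at > NONCE_LIFETIME:
            del self.issued[auth["nonce"]]
            return self.challenge(now, stale=True)  # right password, nonce too old
        return {"status": 200}
```

A client that sees stale=true recomputes `digest_response` with the new nonce and resends, without prompting the user again.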
