[asterisk-users] Asterisk 11 SRTP: unsupported crypto parameters: UNENCRYPTED_SRTCP

Matthew Jordan mjordan at digium.com
Fri Apr 17 10:28:36 CDT 2015 

On Fri, Apr 17, 2015 at 6:16 AM, Satish Barot <satish4asterisk at gmail.com> wrote:
> Hi All,
>
> I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP.
> On incoming calls from Avaya asterisk complains of 'unsupported crypto
> parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable
> here'
>
> Doesn't Asterisk support  UNENCRYPTED_SRTCP as crypto parameters in sdp?
>
> FYI SDP looks like this.
>
> v=0
> o=- 1429194215 1 IN IP4 XX.XX.XX.XX
> s=-
> c=IN IP4 XX.XX.XX.XX
> b=TIAS:64000
> t=0 0
> a=avf:avc=n prio=n
> a=csup:avf-v0
> m=audio 50096 RTP/SAVP 0 18 120
> a=rtpmap:0 PCMU/8000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:120 telephone-event/8000
> a=ptime:20
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP
>
> And on CLI I see,
>
> DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64
> 7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40
> WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters:
> UNENCRYPTED_SRTCP
> DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP...
> UNSUPPORTED OR FAILED.
> WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without
> encryption details: audio 50096 RTP/SAVP 0 18 120
> VERBOSE[1568][C-00000000] chan_sip.c:
> <--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 --->
> SIP/2.0 488 Not acceptable here
>
> Thanking in advance for any inputs.
>

Asterisk is complaining because placing an "UNENCRYPTED_SRTCP" after
the lifetime parameter in a crypto attribute is part of RFC 4568
(Security Descriptions for Media Streams), which Asterisk does not
support.

You will need to see if the Avaya system can be configured to not send
the attribute.

-- 
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org

More information about the asterisk-users mailing list