[OpenSIPS-Users] SDES and DTLS mutually exclusive
Răzvan Crainea
razvan at opensips.org
Mon Jul 6 07:25:44 EST 2020
You should use the SDES-off flag to rtoengine.
Best regards,
Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 7/4/20 10:34 PM, Robert Dyck wrote:
> I have run into an issue with rtpengine and the ICE=force option.
>
> To quote the rtpengine README
>
> With `force`, ICE attributes are first stripped, then new attributes are
> generated and inserted, which leaves the media proxy as the only
> ICE candidate.
>
> When using the force option where I think it will be appropriate I found
> it also adds crypto attributes. I believe this invokes SDES security. If
> the setup attribute is also present ( DTLS security ) the call fails
> with bad description. SDES=off does not prevent this behaviour. The
> error message from the UA says there cannot be both.
>
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:/msDyiV8x6qpcH4m1iEmxo8aqAAhhkGctQbxvkNy
>
> a=crypto:2 AES_CM_128_HMAC_SHA1_32
> inline:JgDv7fMfKd1GQcFq9Jn0tMf1C5DE0VaRDe6Js8D6
>
> a=crypto:3 AES_192_CM_HMAC_SHA1_80
> inline:CiCkAETMov/tbVsqykp7j3/PB7aUfQjv+nozBQuOUMBnJlrm8bU
>
> a=crypto:4 AES_192_CM_HMAC_SHA1_32
> inline:6ktVsgwfiGg4US2BLWuV3XpCt0fvkiuFgcEr8n83KDln8w9ar+c
>
> a=crypto:5 AES_256_CM_HMAC_SHA1_80
> inline:l1pr/67vqwthDdnRoSaTbGvRPBNP7uHIhjfeG8InuqWQZjLkumU5MVKz2mAujw
>
> a=crypto:6 AES_256_CM_HMAC_SHA1_32
> inline:V+K2bK8Zahr9KX7zswVwM2cpZ+/g8hMD4a5PmJzncH8WgDnCH/xLH0CFRwYKgg
>
> a=crypto:7 F8_128_HMAC_SHA1_80
> inline:Z00dhmeQwuttjeRawylGKannT7KbBZhDExDxETNo
>
> a=crypto:8 F8_128_HMAC_SHA1_32
> inline:R5Vqt9WQ1wU76GcS7CvDosgbWHRYLV7CRnGre+uV
>
> a=crypto:9 NULL_HMAC_SHA1_80 inline:TP2aKDSKe8G9E7kd+w7XpOhcItzd0xmBN3g06WC1
>
> a=crypto:10 NULL_HMAC_SHA1_32
> inline:xKFUEuwLpexe84KKCulBSThMx75T74U7/K7qJbKi
>
> a=setup:actpass
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list