[OpenSIPS-Users] SDES and DTLS mutually exclusive

Ovidiu Sas osas at voipembedded.com
Mon Jul 6 15:20:24 EST 2020


According to the documentation, the prefix for sdes flags is ‘SDES-‘ (dash
not equal).

-ovidiu

On Mon, Jul 6, 2020 at 10:45 Robert Dyck <rob.dyck at telus.net> wrote:

> Perhaps you misinterpreted my wording. I actually tired SDES=off but
> crypto
> attributes were still inserted..
>
> It is a bit strange that ICE=force should arbitrarily add the crypto.
>
> On Monday, July 6, 2020 12:25:44 A.M. PDT Răzvan Crainea wrote:
> > You should use the SDES-off flag to rtoengine.
> >
> > Best regards,
> >
> > Răzvan Crainea
> > OpenSIPS Core Developer
> > http://www.opensips-solutions.com
> >
> > On 7/4/20 10:34 PM, Robert Dyck wrote:
> > > I have run into an issue with rtpengine and the ICE=force option.
> > >
> > > To quote the rtpengine README
> > >
> > > With `force`, ICE attributes are first stripped, then new attributes
> are
> > >
> > >         generated and inserted, which leaves the media proxy as the
> only
> > >
> > > ICE candidate.
> > >
> > > When using the force option where I think it will be appropriate I
> found
> > > it also adds crypto attributes. I believe this invokes SDES security.
> If
> > > the setup attribute is also present ( DTLS security ) the call fails
> > > with bad description. SDES=off does not prevent this behaviour. The
> > > error message from the UA says there cannot be both.
> > >
> > > a=crypto:1 AES_CM_128_HMAC_SHA1_80
> > > inline:/msDyiV8x6qpcH4m1iEmxo8aqAAhhkGctQbxvkNy
> > >
> > > a=crypto:2 AES_CM_128_HMAC_SHA1_32
> > > inline:JgDv7fMfKd1GQcFq9Jn0tMf1C5DE0VaRDe6Js8D6
> > >
> > > a=crypto:3 AES_192_CM_HMAC_SHA1_80
> > > inline:CiCkAETMov/tbVsqykp7j3/PB7aUfQjv+nozBQuOUMBnJlrm8bU
> > >
> > > a=crypto:4 AES_192_CM_HMAC_SHA1_32
> > > inline:6ktVsgwfiGg4US2BLWuV3XpCt0fvkiuFgcEr8n83KDln8w9ar+c
> > >
> > > a=crypto:5 AES_256_CM_HMAC_SHA1_80
> > > inline:l1pr/67vqwthDdnRoSaTbGvRPBNP7uHIhjfeG8InuqWQZjLkumU5MVKz2mAujw
> > >
> > > a=crypto:6 AES_256_CM_HMAC_SHA1_32
> > > inline:V+K2bK8Zahr9KX7zswVwM2cpZ+/g8hMD4a5PmJzncH8WgDnCH/xLH0CFRwYKgg
> > >
> > > a=crypto:7 F8_128_HMAC_SHA1_80
> > > inline:Z00dhmeQwuttjeRawylGKannT7KbBZhDExDxETNo
> > >
> > > a=crypto:8 F8_128_HMAC_SHA1_32
> > > inline:R5Vqt9WQ1wU76GcS7CvDosgbWHRYLV7CRnGre+uV
> > >
> > > a=crypto:9 NULL_HMAC_SHA1_80
> > > inline:TP2aKDSKe8G9E7kd+w7XpOhcItzd0xmBN3g06WC1
> > >
> > > a=crypto:10 NULL_HMAC_SHA1_32
> > > inline:xKFUEuwLpexe84KKCulBSThMx75T74U7/K7qJbKi
> > >
> > > a=setup:actpass
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.opensips.org
> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-- 
VoIP Embedded, Inc.
http://www.voipembedded.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200706/5f8ef6cd/attachment.html>


More information about the Users mailing list