<div><div dir="auto">According to the documentation, the prefix for sdes flags is ‘SDES-‘ (dash not equal).</div><div dir="auto"><br></div><div dir="auto">-ovidiu</div></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 6, 2020 at 10:45 Robert Dyck <<a href="mailto:rob.dyck@telus.net">rob.dyck@telus.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">Perhaps you misinterpreted my wording. I actually tired SDES=off but crypto <br>
attributes were still inserted..<br>
<br>
It is a bit strange that ICE=force should arbitrarily add the crypto.<br>
<br>
On Monday, July 6, 2020 12:25:44 A.M. PDT Răzvan Crainea wrote:<br>
> You should use the SDES-off flag to rtoengine.<br>
> <br>
> Best regards,<br>
> <br>
> Răzvan Crainea<br>
> OpenSIPS Core Developer<br>
> <a href="http://www.opensips-solutions.com" rel="noreferrer" target="_blank">http://www.opensips-solutions.com</a><br>
> <br>
> On 7/4/20 10:34 PM, Robert Dyck wrote:<br>
> > I have run into an issue with rtpengine and the ICE=force option.<br>
> > <br>
> > To quote the rtpengine README<br>
> > <br>
> > With `force`, ICE attributes are first stripped, then new attributes are<br>
> > <br>
> > generated and inserted, which leaves the media proxy as the only<br>
> > <br>
> > ICE candidate.<br>
> > <br>
> > When using the force option where I think it will be appropriate I found<br>
> > it also adds crypto attributes. I believe this invokes SDES security. If<br>
> > the setup attribute is also present ( DTLS security ) the call fails<br>
> > with bad description. SDES=off does not prevent this behaviour. The<br>
> > error message from the UA says there cannot be both.<br>
> > <br>
> > a=crypto:1 AES_CM_128_HMAC_SHA1_80<br>
> > inline:/msDyiV8x6qpcH4m1iEmxo8aqAAhhkGctQbxvkNy<br>
> > <br>
> > a=crypto:2 AES_CM_128_HMAC_SHA1_32<br>
> > inline:JgDv7fMfKd1GQcFq9Jn0tMf1C5DE0VaRDe6Js8D6<br>
> > <br>
> > a=crypto:3 AES_192_CM_HMAC_SHA1_80<br>
> > inline:CiCkAETMov/tbVsqykp7j3/PB7aUfQjv+nozBQuOUMBnJlrm8bU<br>
> > <br>
> > a=crypto:4 AES_192_CM_HMAC_SHA1_32<br>
> > inline:6ktVsgwfiGg4US2BLWuV3XpCt0fvkiuFgcEr8n83KDln8w9ar+c<br>
> > <br>
> > a=crypto:5 AES_256_CM_HMAC_SHA1_80<br>
> > inline:l1pr/67vqwthDdnRoSaTbGvRPBNP7uHIhjfeG8InuqWQZjLkumU5MVKz2mAujw<br>
> > <br>
> > a=crypto:6 AES_256_CM_HMAC_SHA1_32<br>
> > inline:V+K2bK8Zahr9KX7zswVwM2cpZ+/g8hMD4a5PmJzncH8WgDnCH/xLH0CFRwYKgg<br>
> > <br>
> > a=crypto:7 F8_128_HMAC_SHA1_80<br>
> > inline:Z00dhmeQwuttjeRawylGKannT7KbBZhDExDxETNo<br>
> > <br>
> > a=crypto:8 F8_128_HMAC_SHA1_32<br>
> > inline:R5Vqt9WQ1wU76GcS7CvDosgbWHRYLV7CRnGre+uV<br>
> > <br>
> > a=crypto:9 NULL_HMAC_SHA1_80<br>
> > inline:TP2aKDSKe8G9E7kd+w7XpOhcItzd0xmBN3g06WC1<br>
> > <br>
> > a=crypto:10 NULL_HMAC_SHA1_32<br>
> > inline:xKFUEuwLpexe84KKCulBSThMx75T74U7/K7qJbKi<br>
> > <br>
> > a=setup:actpass<br>
> > <br>
> > <br>
> > _______________________________________________<br>
> > Users mailing list<br>
> > <a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
> > <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
> <br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">VoIP Embedded, Inc.<br><a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a></div>