<div dir="auto"><div>Richard, as part of the RFC8760 work we've changed the nonce algorithm to be more secure and to not expose as much info to a potential attacker, starting with 3.1. It also prevents qop/algorithm "downgrade" attacks on a stateless proxy. But as Bogdan pointed out, there are some options to ignore validation of the nonce and just verify the digest, which might provide some help in your situation.<div dir="auto"><br></div><div dir="auto">-Maksym</div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 2, 2022, 11:18 AM Richard Revels via Users &lt;<a href="mailto:users@lists.opensips.org">users@lists.opensips.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">If I set a nonce password on an opensips 3.x proxy and the same one on an opensips 2.x proxy, is it expected behaviour that it still won't match if a call starts on opensips 2, is challenged, and then the INVITE is sent to the opensips 3 proxy?</div></div>
</blockquote></div></div></div>
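<p>An added illustration, not part of the thread and not OpenSIPS code or its nonce format: a minimal stateless nonce that binds the offered algorithm and qop under a MAC, so a proxy holding no per-challenge state can still reject a response computed with a weaker algorithm or qop than it offered. The byte layout, <code>SECRET</code>, <code>NONCE_TTL</code>, <code>make_nonce</code> and <code>check_nonce</code> are assumptions; this sketch only authenticates the fields and does not hide them.</p>

```python
import hashlib
import hmac
import os
import struct
import time

SECRET = b"constructed-demo-secret"  # constructed value standing in for the nonce secret
NONCE_TTL = 30                       # assumed lifetime of a challenge, in seconds
ALGS = {"MD5": 0, "SHA-256": 1, "SHA-512-256": 2}  # RFC 8760 algorithm names
QOPS = {"": 0, "auth": 1, "auth-int": 2}

def _tag(body):
    # Truncated HMAC-SHA256 over the nonce body (hypothetical layout).
    return hmac.new(SECRET, body, hashlib.sha256).digest()[:16]

def make_nonce(alg, qop, now=None):
    """Issue a nonce recording when, and with which alg/qop, the challenge was sent."""
    now = int(time.time()) if now is None else now
    body = struct.pack("!IBB", now, ALGS[alg], QOPS[qop]) + os.urandom(6)
    return (body + _tag(body)).hex()

def check_nonce(nonce, alg, qop, now=None):
    """Validate a returned nonce against the alg/qop the client actually used."""
    now = int(time.time()) if now is None else now
    try:
        raw = bytes.fromhex(nonce)
    except ValueError:
        return "malformed"
    if len(raw) != 28:               # 12-byte body + 16-byte tag
        return "malformed"
    body, tag = raw[:12], raw[12:]
    if not hmac.compare_digest(tag, _tag(body)):
        return "forged"
    issued, alg_id, qop_id = struct.unpack("!IBB", body[:6])
    if not 0 <= now - issued <= NONCE_TTL:
        return "stale"
    # The response must use exactly what the challenge offered.
    if ALGS.get(alg) != alg_id or QOPS.get(qop) != qop_id:
        return "downgrade"
    return "ok"
```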