[Freeswitch-users] Passwords in clear text

Peter P GMX Prometheus001 at gmx.net
Thu Oct 23 07:07:03 EDT 2008


OK, I got it. The replay vulnerability only happens when key exchange is
done via unencrypted SIP. I understand that with TLS the Invite message
cannot be replayed as it cannot be seen in clear text.


Brian West schrieb:
> Its called TLS...
>
> /b
>
> On Oct 21, 2008, at 4:30 PM, Peter P GMX wrote:
>
>   
>> In our environment DTMF is of course transported via SRTP so this is
>> more secure (although the key exchange by SDES is known to have  
>> security
>> issues, as rtp streams may be replayed by a 3rd party, there is no
>> replay prevention mechanism in SDES and therefore also not in
>> freeswitch, hein?).
>>     
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>   



More information about the Freeswitch-users mailing list