[Freeswitch-users] Secure RTP
Brian West
brian at freeswitch.org
Thu May 21 21:44:08 PDT 2009
Jim,
You seem to be making the whole ordeal overly complex for no reason.
<condition field="${sip_has_crypto}"
expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"
break="never">
<!-- export sets it local and on export -->
<action application="export" data="sip_secure_media=$
{sip_has_crypto}"/>
<anti-action application="respond" data="503 TURN ON SRTP"/>
</condition>
You can not accept the call and send it out and get a 415 back and
expect to do the process all over again automatically. Once you get
the 415 its done.. finished OVER gotta do it again. Remember we are a
B2BUA not a proxy... so its all done per leg.
If all else fails just go get libzrtp and install it as per the wiki
and enable zrtp support. Then get zfone for your two PC's and you're
done. We don't do the trusted man in the middle stuff yet but you can
get the same end result.
/b
On May 21, 2009, at 11:17 PM, Jim Burke wrote:
> What I am hoping to acheive is, if the A leg does not have SRTP set
> and no SRTP Descriptors are sent in the INVITE to the B leg, when the
> B leg responds with 415 Bad Security Level this is intercepted and a
> re-invite is sent with the security descriptions so this call, 1,
> terminates and 2, is B leg secure.
Brian West
brian at freeswitch.org
-- Meet us at ClueCon! http://www.cluecon.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20090521/57e5abd5/attachment.html
More information about the Freeswitch-users
mailing list