[Freeswitch-users] Secure RTP
Jim Burke
jim at evolutiontel.net
Thu May 21 22:47:43 PDT 2009
Hey Brian,
Will have a look at ZRTP :)
Not sure I understand your comments regarding its all over once
receiving the 415 from the B party. Is'nt that what parm
continue_on_fail does? The fact that it sends the invite back out
sorta proves this.
The other point of interest here is that if you set <action
application="export" data="sip_secure_media=true"/> before the first
bridge function it will include the security descriptions in the B leg
INVITE even when the A leg does not have them and the call will
succeed. The B Eyebeam will show the locked padlock while A does not.
>From what I can see in code it is this guy that must stop it all from
happening. TFLAG_SECURE But I dont understand why :(
Regards,
Jim
On Fri, May 22, 2009 at 2:44 PM, Brian West <brian at freeswitch.org> wrote:
> Jim,
> You seem to be making the whole ordeal overly complex for no reason.
>
> <condition field="${sip_has_crypto}"
> expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"
> break="never">
> <!-- export sets it local and on export -->
> <action application="export"
> data="sip_secure_media=${sip_has_crypto}"/>
> <anti-action application="respond" data="503 TURN ON SRTP"/>
> </condition>
> You can not accept the call and send it out and get a 415 back and expect to
> do the process all over again automatically. Once you get the 415 its
> done.. finished OVER gotta do it again. Remember we are a B2BUA not a
> proxy... so its all done per leg.
> If all else fails just go get libzrtp and install it as per the wiki and
> enable zrtp support. Then get zfone for your two PC's and you're done. We
> don't do the trusted man in the middle stuff yet but you can get the same
> end result.
> /b
>
>
>
> On May 21, 2009, at 11:17 PM, Jim Burke wrote:
>
> What I am hoping to acheive is, if the A leg does not have SRTP set
> and no SRTP Descriptors are sent in the INVITE to the B leg, when the
> B leg responds with 415 Bad Security Level this is intercepted and a
> re-invite is sent with the security descriptions so this call, 1,
> terminates and 2, is B leg secure.
>
> Brian West
> brian at freeswitch.org
> -- Meet us at ClueCon! http://www.cluecon.com
>
>
>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
More information about the Freeswitch-users
mailing list