[Freeswitch-users] Secure RTP

Jim Burke jim at evolutiontel.net
Thu May 21 22:47:43 PDT 2009


Hey Brian,

Will have a look at ZRTP :)

Not sure I understand your comments regarding its all over once
receiving the 415 from the B party.  Is'nt that what parm
continue_on_fail does?  The fact that it sends the invite back out
sorta proves this.

The other point of interest here is that if you set <action
application="export" data="sip_secure_media=true"/> before the first
bridge function it will include the security descriptions in the B leg
INVITE even when the A leg does not have them and the call will
succeed.  The B Eyebeam will show the locked padlock while A does not.

>From what I can see in code it is this guy that must stop it all from
happening.  TFLAG_SECURE  But I dont understand why :(

Regards,
Jim




On Fri, May 22, 2009 at 2:44 PM, Brian West <brian at freeswitch.org> wrote:
> Jim,
> You seem to be making the whole ordeal overly complex for no reason.
>
>       <condition field="${sip_has_crypto}"
> expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"
> break="never">
> <!-- export sets it local and on export -->
>         <action application="export"
> data="sip_secure_media=${sip_has_crypto}"/>
> <anti-action application="respond" data="503 TURN ON SRTP"/>
>       </condition>
> You can not accept the call and send it out and get a 415 back and expect to
> do the process all over again automatically.  Once you get the 415 its
> done.. finished OVER gotta do it again.  Remember we are a B2BUA not a
> proxy... so its all done per leg.
> If all else fails just go get libzrtp and install it as per the wiki and
> enable zrtp support.  Then get zfone for your two PC's and you're done.  We
> don't do the trusted man in the middle stuff yet but you can get the same
> end result.
> /b
>
>
>
> On May 21, 2009, at 11:17 PM, Jim Burke wrote:
>
> What I am hoping to acheive is, if the A leg does not have SRTP set
> and no SRTP Descriptors are sent in the INVITE to the B leg, when the
> B leg responds with 415 Bad Security Level this is intercepted and a
> re-invite is sent with the security descriptions so this call, 1,
> terminates and 2, is B leg secure.
>
> Brian West
> brian at freeswitch.org
> -- Meet us at ClueCon!  http://www.cluecon.com
>
>
>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>



More information about the Freeswitch-users mailing list