[Freeswitch-users] srtp clarification

Mitch Capper mitch.capper at gmail.com
Mon Mar 7 19:05:17 MSK 2011


Hi Mitch,
We will be updating the SRTP/TLS guides shortly with some additional
information.  Please stop by the IRC channel we can certainly
troubleshoot a bit faster there  (I am MitchCapper on irc).   What
error are you having with SRTP?  Make sure you have the jitter buffer
disabled as right now it will break SRTP.  Finally you can use sofia
loglevel tport 9 to turn most of the encryption layer debugging log
messages up and see if you see anything there.  Also make sure you are
running trunk if you can, there were some other bugs with TLS/SRTP
that were only fixed recently.

~Mitch

On Sun, Mar 6, 2011 at 1:18 PM, Mitch Johnson <mitch.johnson7 at gmail.com> wrote:
> I do understand the need for tls, I have no issues with tls, it works fine,
> it's the srtp I haven't managed to get working.
> Thanks for your reply.
> Mitch
>
> From: Steven Ayre <steveayre at gmail.com>
> Date: March 6, 2011 2:05:17 PM EST
> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> Subject: Re: [Freeswitch-users] srtp clarification
> Reply-To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>
>
> The problem comes in when I require SRTP only on the phones.
>
> If you use SRTP without TLS, you get no security at all. The
> encryption key used for the SRTP is passed within the SIP signalling.
> Unless you encrypt that then anyone intercepting the call can get the
> key from the signalling and then decrypt the media at will.
>
> -Steve
>
>
>
> On 6 March 2011 16:43, Mitch Johnson <mitch.johnson7 at gmail.com> wrote:
>
> My previous post may have suggested that the TLS/SRTP was not working.
>  Where in fact, the TLS works like a charm.
>
> The problem comes in when I require SRTP only on the phones.  When SRTP s
> turned off it works great, and so does TLS.
>
> I've been trying to understand how the voice part of the call is setup using
> SRTP.  When I go through the logs, I don't see anything that says that SRTP
> failed anywhere.  I'm pretty sure it's somewhere in my configuration.  In
> Asterisk I had to define the transport mechanism of tls and encryption=yes
> to make it supposed to work.  But then I never got it working there either,
> the difference with Asterisk is that it was showing SRTP as failing, but
> there's a bug causing that so it was pretty much a brick wall for me.
>
> Am I supposed to do something under the user profile or somewhere else where
> that call is encrypted using SRTP?  I followed the TLS and SRTP guides to do
> the setup.
>
> Any help on this would be greatly appreciated.  As with any problem, it's
> consuming my life until I can sort it out.
>
> Thanks so much ahead of time,
>
> Mitch
>
> _______________________________________________
>
> FreeSWITCH-users mailing list
>
> FreeSWITCH-users at lists.freeswitch.org
>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>
> http://www.freeswitch.org
>
>
>
>
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>



More information about the FreeSWITCH-users mailing list