[Freeswitch-users] FreeSWITCH offering SRTP on Re-INVITE

Michael Jerris mike at jerris.com
Thu May 24 20:14:41 UTC 2018 

the trace i saw didnt look like optional to me.  was rejecting the non srtp one off the bat


> On May 24, 2018, at 4:03 PM, Andrew Cassidy <andrew at cassidywebservices.co.uk> wrote:
> 
> Hi Mike,
> 
> This was with rtp_secure_media=optional
> 
> If I use any other value of rtp_secure_media it works as expected. If that has to be the workaround then so be it.
> 
> Kind regards,
> 
> On Wed, 23 May 2018, 16:17 Michael Jerris, <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> After review with the zoiper team, it looks like this re-invite is trying to force srtp, while using UDP, something which is generally bad security practice, and because of this, something that zoiper does not support.  If you wish to create an SRTP call with zoiper you should do so at the start of the call, and using TLS for signaling for security.
> 
> 
> 
>> On May 19, 2018, at 3:12 AM, Andrew Cassidy <andrew at cassidywebservices.co.uk <mailto:andrew at cassidywebservices.co.uk>> wrote:
>> 
> 
>> Thanks Michael,
>> 
>> They're basically being all high and mighty about it. I've suggested that handling the call should be consistent, they either don't reject the reinvite, or they reject the initial invite but have told me this issue is "by design".
>> 
>> We have workarounds as previously mentioned so it's not the end of the world. I might have to reconsider whether I continue to use them in the long term.
>> 
> 
>> Kind regards,
>> 
> 
>> On Fri, 18 May 2018, 16:19 Michael Jerris, <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> 
>> After review of the sip trace,  I’d report that one to the zoiper guys.  There is no reason they should reject the call in that case.
>> 
>> > On May 17, 2018, at 4:48 PM, Andrew Cassidy <andrew at cassidywebservices.co.uk <mailto:andrew at cassidywebservices.co.uk>> wrote:
>> > 
>> > Good afternoon All,
>> > 
>> > I have experienced the following issue with Zoiper specifically (I have a support ticket open with them currently) and was wondering if it's something that could/should be fixed FreeSWITCH side.
>> > 
>> > If rtp_secure_media is set to optional, and SRTP is disabled on Zoiper, when FreeSWITCH sends the Re-INVITE, it sends crypto lines. Zoiper then replies with a 514 Unsupported Media Type and the timer refresh fails, causing Zoiper to hang up the call.
>> > 
>> > My current feeling is that as Zoiper ignored the crypto on the initial INVITE it should be them that then handles the Re-INVITE consistently by also ignoring the crypto lines but I'm not familiar enough with the RFCs to make a judgement.
>> > 
>> > The workaround is to either enable SRTP in Zoiper or don't set rtp_secure_media to optional when Zoiper is in use.
>> > 
>> > Kind regards,
>> > 
> 
>> =
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>_________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180524/f9d1ed13/attachment.html>

More information about the FreeSWITCH-users mailing list