<div>> is there a way to force FreeSWITCH to establish an SRTP call to clients when the originating client does not support SRTP?</div><div><br></div><div>This should work by default, assuming you are setting sip_secure_media in the appropriate place.</div>
<div><br></div><div>FreeSWITCH should negotiate both channels (legs) independently. So if the A-end has no SRTP, that should not prevent FreeSWITCH from sending a INVITE to the B-end with SRTP specified (i.e. SAVP in the SDP with a crypto attribute).</div>
<div><br></div><div>I think "all or nothing" doesn't imply both ends of the call, it implies all calls or none of the calls calls. So an inbound or outbound call without SRTP will be rejected. Hope this makes sense.</div>
<div><br></div><div>However, in the default dialplan there is a condition that will cause FreeSWITCH to implement such a policy. It is commented out by default:</div><div><br></div><div><div> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never"></div>
<div> <action application="set" data="sip_secure_media=true"/></div><div> <!-- Offer SRTP on outbound legs if we have it on inbound. --></div><div> <!-- <action application="export" data="sip_secure_media=true"/> --></div>
<div> </condition></div></div><div><br></div><div>So if you uncommented that export line you would experience the behaviour you described. </div><div><br></div><div>Assuming you have not done that, could it be that Bria is simply rejecting any INVITE with SDP that does not contain an SAVP entry with a crypto attribute? If this was the case you would find all inbound call to that extension failing.</div>
<div><br></div><div>Actually I wonder if this is what happened and then caused you to uncomment the line above, which has led you to your conclusion, as this would cause only calls coming from SRTP devices to work. If so, you'd want to comment it out again and find a different way to create a group for all users with SRTP devices and use a dialplan condition to decide whether or not to export sip_secure_media=true. </div>
<div><br></div><div>Alternatively you could try for some sort of fall-back mechanism but you'd have to think carefully about this to make it secure and/or stable.</div><div><br></div><div>Good luck!</div><div><br></div>
<div>Richard</div><div><br></div><div>PS: In your first paragraph, did you mean Bria for iPhone in both cases?</div><div><br></div>