sip_secure_media also covers SRTP without ZRTP. It's actually used elsewhere too, but aliased.<div><br></div><div><div>src/mod/endpoints/mod_sofia/mod_sofia.h:115:#define SOFIA_SECURE_MEDIA_VARIABLE "sip_secure_media"</div>
<div><br></div><div>Search the source tree for SOFIA_SECURE_MEDIA_VARIABLE and you'll see it's used in a number of other places too.</div><div><br></div><div>-Steve</div><div><br></div><div><br></div><br><div class="gmail_quote">
On 13 February 2013 17:13, Levend Sayar <span dir="ltr"><<a href="mailto:levend.sayar@karel.com.tr" target="_blank">levend.sayar@karel.com.tr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div>
Hi again.<br>
<br>
I checked the FS code and i see that rpm i am using is built with ZRTP disabled.<br>
There is only one place that "sip_secure_media" on the code. That is on switch_rtp.c<br>
<br>
#ifdef ENABLE_ZRTP<br>
if (zrtp_on) {<br>
switch_rtp_t *master_rtp_session = NULL<br>
<br>
int initiator = 0;<br>
const char *zrtp_enabled = switch_channel_get_variable(channel, "zrtp_secure_media");<br>
const char *srtp_enabled = switch_channel_get_variable(channel, "sip_secure_media");<br>
<br>
<br>
So since ENABLE_ZRTP is 0, i don't have chance to use "sip_secure_media" variable.<br>
<br>
Is there any other variable that i can use and make sofia module not to choose SRTP ?<br>
<br>
<br>
<table cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td>
<pre>_lvnd_
{^_^}
</pre>
</td>
</tr>
</tbody>
</table><div><div class="h5">
On Thu, 2013-02-07 at 13:54 +0000, Levend Sayar wrote:<br>
</div></div><blockquote type="CITE"><div><div class="h5">But the very same phone calls another phone and talk with RTP, not SRTP if the peer does not accept SRTP<br>
<br>
Here is the SDP offer by the same phone<br>
<br>
v=0<br>
o=- <a href="tel:20186%2020186" value="+12018620186" target="_blank">20186 20186</a> IN IP4 192.168.173.69<br>
s=SDP data<br>
c=IN IP4 192.168.173.69<br>
t=0 0<br>
m=audio 11782 RTP/SAVP 0 8 18 9 101<br>
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NzFmYjdiMjk1OTY2ODQwYzExZjM0ZmE2NGM0YWMw<br>
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:M2MxMTE2OWFjOGY2ZjEwADEzZmZkNzAxNjRlMzFm<br>
a=crypto:3 F8_128_HMAC_SHA1_80 inline:NjkzZDg2Mjk0ZTkxMjg1YzdmYjFiNjRlMmFhNGFm<br>
a=rtpmap:0 PCMU/8000<br>
a=rtpmap:8 PCMA/8000<br>
a=rtpmap:18 G729/8000<br>
a=fmtp:18 annexb=no<br>
a=rtpmap:9 G722/8000<br>
a=fmtp:101 0-15<br>
a=rtpmap:101 telephone-event/8000<br>
a=ptime:20<br>
a=sendrecv<br>
<br>
And here is the SDP answer sent by the other phone<br>
<br>
v=0<br>
o=- 20029 20029 IN IP4 192.168.173.65<br>
s=SDP data<br>
c=IN IP4 192.168.173.65<br>
t=0 0<br>
m=audio 11794 RTP/SAVP 0 101<br>
a=rtpmap:0 PCMU/8000<br>
a=sendrecv<br>
a=ptime:20<br>
a=fmtp:101 0-15<br>
a=rtpmap:101 telephone-event/8000<br>
<br>
<br>
<br>
<br>
</div></div><table cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td>
<pre>--
</pre>
<br>
<pre>_lvnd_
{^_^}
</pre>
<br>
<br>
<br>
<br>
</td>
</tr>
</tbody>
</table><div><div class="h5">
On Thu, 2013-02-07 at 13:37 +0000, Steven Ayre wrote:<br>
</div></div><blockquote type="CITE"><div><div class="h5">m=audio 11780 RTP/SAVP 0 8 18 9 101 <br>
<br>
<br>
RTP/SAVP means SRTP is mandatory. You need to reconfigure the phone.<br>
<br>
<br>
If the phone sends RTP/AVP then that means plain RTP, and RTP/AVP with a a=crypto attribute means SRTP is optional.<br>
<br>
<br>
-Steve <br>
<br>
<br>
<br>
<br>
On 7 February 2013 13:26, Levend Sayar <<a href="mailto:levend.sayar@karel.com.tr" target="_blank">levend.sayar@karel.com.tr</a>> wrote:<br>
</div></div><blockquote><div><div class="h5">Below is the SDP offer sent by the phone.<br>
<br>
v=0<br>
o=- <a href="tel:20185%2020185" target="_blank">20185 20185</a> IN IP4 192.168.173.69<br>
s=SDP data<br>
c=IN IP4 192.168.173.69<br>
t=0 0<br>
m=audio 11780 RTP/SAVP 0 8 18 9 101<br>
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:MTM2MjVhMGI1NDZjYmRjADU5NWVjNGVkNTNlYzA1<br>
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:YmExYmZhNQAzN2ZjNDgzYTRkNGU2ZjFiN2Q0MmE3<br>
a=crypto:3 F8_128_HMAC_SHA1_80 inline:N2Q2NTRiYQAxZjA3MWY3ZjI1YTI5NjIyM2FjODYw<br>
a=rtpmap:0 PCMU/8000<br>
a=rtpmap:8 PCMA/8000<br>
a=rtpmap:18 G729/8000<br>
a=fmtp:18 annexb=no<br>
a=rtpmap:9 G722/8000<br>
a=fmtp:101 0-15<br>
a=rtpmap:101 telephone-event/8000<br>
a=ptime:20<br>
a=sendrecv<br>
<br>
<br>
<br>
And below is the SDP answer sent by FS<br>
<br>
v=0<br>
o=FreeSWITCH 1360230601 1360230602 IN IP4 192.168.169.114<br>
s=FreeSWITCH<br>
c=IN IP4 192.168.169.114<br>
t=0 0<br>
m=audio 12532 RTP/SAVP 9 101<br>
a=rtpmap:9 G722/8000<br>
a=rtpmap:101 telephone-event/8000<br>
a=fmtp:101 0-16<br>
a=silenceSupp:off - - - -<br>
a=ptime:20<br>
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:l8v0R64H7CP0vEx9j0Ycdbob8bgMCpLDppWGy7Dy<br>
<br>
<br>
<br>
<br>
</div></div><table cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td>
<pre>_lvnd_
{^_^}
</pre>
<br>
<br>
<br>
<br>
<br>
</td>
</tr>
</tbody>
</table><div class="im">
On Thu, 2013-02-07 at 13:09 +0000, Steven Ayre wrote:<br>
<blockquote type="CITE">What I mean is you'll see two separate m=audio lines within the callee's SDP, one for 'RTP/AVP' and one for 'SRTP/AVP'. If there is no m=audio line for RTP/AVP the caller won't know of a port that's expecting RTP. So if the callee only
sends SRTP/AVP the caller can't send RTP. <br>
<br>
<br>
Can you show us the SDP being sent by the phone? <br>
<br>
<br>
-Steve <br>
<br>
<br>
<br>
<br>
<br>
On 7 February 2013 11:01, Levend Sayar <<a href="mailto:levend.sayar@karel.com.tr" target="_blank">levend.sayar@karel.com.tr</a>> wrote:<br>
<blockquote>Thanx Steven. <br>
<br>
<br>
Caller makes the offer for SDP but callee chooses whatever it wants. So caller can offer SRTP but callee can prefer not to talk encrypted. In our case I want FS to choose non secure media.<br>
Phone will offer SRTP on the conference call but FS must prefer RTP, not SRTP.<br>
<br>
<br>
</blockquote>
</blockquote>
</div></blockquote>
</blockquote>
</blockquote>
<br>
<blockquote type="CITE">
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote><br>
_lvnd_ <br>
{^_^} <br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote><div class="im">
<br>
<blockquote type="CITE">
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote><br>
<br>
<br>
On 7 Şub 2013, at 11:13, "Steven Ayre" <<a href="mailto:steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>> wrote:<br>
<br>
<br>
<blockquote type="CITE">It's also going to rely on the phone actually offering RTP/AVP as well as SRTP/AVP in their SDP - without that there'd be nowhere to send insecure RTP.<br>
<br>
<br>
-Steve <br>
<br>
<br>
<br>
<br>
On 6 February 2013 16:09, Levend Sayar <<a href="mailto:levend.sayar@karel.com.tr" target="_blank">levend.sayar@karel.com.tr</a>> wrote:<br>
<blockquote>Thanks Daniel for the reply. <br>
<br>
<br>
I tried <br>
<br>
<br>
<action application="set" data="sip_secure_media=false" /> <br>
<br>
<br>
But did not work. Upon your reply I also tried <br>
<br>
<br>
<action application="set" data="secure_media=false" /> <br>
<br>
<br>
But did not work either. I am doing something wrong ?<br>
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
</div><blockquote type="CITE">
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote><br>
<br>
_lvnd_ <br>
{^_^} <br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
<blockquote type="CITE">
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote type="CITE">
<blockquote><div class="im"><br>
<br>
<br>
On 6 Şub 2013, at 18:00, "Daniel Ivanov" <<a href="mailto:sertys@gmail.com" target="_blank">sertys@gmail.com</a>> wrote:<br>
<br>
<br>
<br>
</div><blockquote type="CITE"><div class="im">Of course you can. Just set the secure_media var to false and you will be srtp-free in sip.<br>
<br>
On Feb 5, 2013 6:06 PM, "Levend Sayar" <<a href="mailto:levend.sayar@karel.com.tr" target="_blank">levend.sayar@karel.com.tr</a>> wrote:<br>
</div><blockquote><div class="im">Hi all.<br>
<br>
I am using FS as a conference server. Some of my phones are using SRTP , some of them not. Both type of phone can<br>
join a conference. FS can talk to each peer with SRTP or not depending on the phone itself.<br>
<br>
My question:<br>
<br>
Is it possible to disable SRTP on FS ?<br>
<br>
I suppose if i can disable SRTP, FS will talk without SRTP with each phone whether they are using SRTP or not.<br>
<br>
TIA<br>
<br>
<br>
</div><table cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<td>
<pre><div class="im"><table cellspacing="0" cellpadding="0" border="1"><tbody><tr><td><font>plain text document attachment (ATT00001)</font> </td></tr></tbody></table>
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</div></pre>
</td>
</tr>
</tbody>
</table>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>