<div dir="ltr">Hi,<div><br></div><div>I've been trying to debug why ZRTP negotiation with FS as endpoint takes almost 10 seconds every single time. I remember in the past ZRTP negotiation used to take 2 to 3 seconds at most.</div>
<div><br></div><div>I'm calling MoH extension from CSipSimple with ZRTP enabled to test it out and indeed it always takes 9 seconds to negotiate the ZRTP exchange. And even after it does it successfully and enteres secured state, I still see a lot of errors related to failed decryption.</div>
<div><br></div><div>I have posted the FS and CSipSimple logs on pastebin. FS log here <a href="http://pastebin.com/WNGcpTqB">http://pastebin.com/WNGcpTqB</a> and CSipSimple log here <a href="http://pastebin.com/DfW5gqSW">http://pastebin.com/DfW5gqSW</a></div>
<div><br></div><div><br></div><div>These are the relevant excerpts from FS which may help to shed light as to what's going on. You can see that the zrtp hellos from FS apparently never reach the CSipSimple client:</div>
<div><br></div><div><i>2014-06-10 16:17:55.949864 [DEBUG] switch_rtp.c:1352 [ zrtp engine]: WARNING! HELLO Max retransmissions count reached (20 retries). ID=9</i></div><div><br></div><div>But then you see a five second interval of nothing until CSipSimple's ZRTP hello reaches FS and the negotiation starts:</div>
<div><br></div><div><div><i>2014-06-10 16:17:55.949864 [DEBUG] switch_rtp.c:1352 [ zrtp]: <span class="" style="white-space:pre"> </span>Stream ID=9 CLEAR switching <START> ---> <NOZRTP>.</i></div><div>
<i>2014-06-10 16:18:00.789889 [DEBUG] switch_rtp.c:1352 [ zrtp utils]: Received <Hello > packet with ssrc=0 seq=1/1 size=168. Stream9:CLEAR:NOZRTP.</i></div></div><div><i><br></i></div><div>Once that's successfull indeed ZRTP appears to work properly, although I still see a lot of errors like this:</div>
<div><br></div><div><div>2<i>014-06-10 16:18:01.509898 [DEBUG] switch_rtp.c:1352 [zrtp protoco]: ERROR! Decrypt failed. ID=9:DH s=SRTP authentication failure (RTP size=51 ssrc=690666908 seq=20192/20192 pt=111)</i></div><div>
<i>2014-06-10 16:18:01.509898 [DEBUG] switch_rtp.c:1352 [ zrtp engine]: Add 140 bytes of entropy to the RNG pool.</i></div></div><div><i><br></i></div><div>Now I guess this could be due to dropped packets, but I'm curious if others have seen the same thing in their setups.</div>
<div>Also, I see this message in the FS logs. On the CS logs everything seems to be fine. Why does FS think that CS needs new un-enrolment? I presume that nedpint is actually a typo for endpoint, but this just made me more confused.</div>
<div><br></div><div><div><i>2014-06-10 16:18:01.769867 [DEBUG] switch_rtp.c:1352 [zrtp protoco]: <span class="" style="white-space:pre"> </span>INFO! The user requires new un-enrolment - the nedpint may clear the cache or perform other action. ID=9</i></div>
<div><i>c60c4480-f0ba-11e3-aa6e-ddba267b1226 2014-06-10 16:18:01.769867 [DEBUG] switch_rtp.c:1323 User unenrolled!</i></div><div><i>2014-06-10 16:18:01.769867 [DEBUG] switch_rtp.c:1352 [ zrtp cache]: <span class="" style="white-space:pre"> </span>cache_put() zid1=346638366666393864366363, zis2=3888449c219de624b44b3ece MiTM=NO</i></div>
<div><i>2014-06-10 16:18:01.769867 [DEBUG] switch_rtp.c:1352 [ zrtp cache]: <span class="" style="white-space:pre"> </span>cache_put() Just update existing value.</i></div></div><div><br></div><div><br></div><div>Any ideas as to what's happening?</div>
<div><br></div><div>Thanks</div></div>