<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Does it work on the latest 1.4 release with the config change he mentioned?<div><br><div><div>On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe &lt;<a href="mailto:cwmarathe@gmail.com">cwmarathe@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div>Sorry Brian, I should have told the version. My bad. <br>I am using 1.2 stable release. When I hit "git branch -av", it outputs -<br><br>* v1.2.stable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2b62885 fs_cli: fix compiler error on CentOS 6 caused by recent short uuid logging change<br><br></div><div>And from FreeSwitch console, when I hit "version" command, it shows -<br><br>FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git 2b62885 2014-06-30 21:31:13Z 32bit)<br><br></div><div>I went through "vars.xml" and found only one config related with "rtp_secure_media" and that to related with zrtp<br><br>&lt;X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/&gt;<br><br></div><div>Is there any more configuration to do in v1.2 so as to enable end-to-end secure call or shall I move to v1.4 beta?<br></div><div><br></div><div>Thanks.<br></div><div>--<br></div>CWM<br><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 9, 2014 at 9:04 PM, Brian West <span dir="ltr">&lt;<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">You didn't mention what rev you're using, If you're in 1.4 then its rtp_secure_media, please see latest configs and extensive docs in vars.xml about srtp and all the nice knobs you can use to tweak it.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <span dir="ltr">&lt;<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="h5"><div dir="ltr"><div><div><span style="font-family:trebuchet ms,sans-serif">Hi All,<br>I have setup FreeSwith PBX. I am facing an issue
 of not having end to end secure call. Caller sends INVITE request with 
SIPS in request URI and RTP/SAVP in SDP. But when FreeSwith forwards the
 request to caller, it is not using RTP/SAVP in SDP.<br><br>I have followed the steps mentioned in WIKI (<a href="https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration" target="_blank">https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration</a>) for TLS configuration and marked "exports sip_secure_media" true in "conf/dialplan/default.xml" file (as per <a href="https://wiki.freeswitch.org/wiki/SRTP" target="_blank">https://wiki.freeswitch.org/wiki/SRTP</a>). But still FreeSwitch does not use RTP/SAVP for leg-B.<br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Also, I am bit confused with following condition in "default.xml" when wiki page suggests that </span><br><span style="font-family:trebuchet ms,sans-serif">late coded negotiation must NOT to be turned on.<br><br>&nbsp;&nbsp;&nbsp; &lt;!--<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Since we have inbound-late-negotation on by default now the<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; above behavior isn't the same so you have to do one extra step.<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&gt;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="set" data="sip_secure_media=true"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!-- Offer SRTP on outbound legs if we have it on inbound. --&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;action application="export" data="sip_secure_media=true"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/condition&gt;<br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">By commenting/un-commenting "</span><span style="font-family:trebuchet ms,sans-serif"><span style="font-family:trebuchet ms,sans-serif">sip_secure_media=true</span>" above, it did not worked.<br></span></div><div><span style="font-family:trebuchet ms,sans-serif"><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Any help with this would be greatly appreciated.<br><br>--<br></span></div><span style="font-family:trebuchet ms,sans-serif">Thanks<br></span></div><span style="font-family:trebuchet ms,sans-serif">CWM<br></span></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p><p><font face="courier new, monospace" size="1"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com/" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com/" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 |&nbsp;<b>ISN:</b>410*543 |&nbsp;<b>Skype:</b>briankwest</font></p></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div></div></div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>http://www.freeswitchsolutions.com<br><br>Official FreeSWITCH Sites<br>http://www.freeswitch.org<br>http://confluence.freeswitch.org<br>http://www.cluecon.com<br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>http://www.cudatel.com<br><br>FreeSWITCH-users mailing list<br>FreeSWITCH-users@lists.freeswitch.org<br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>http://www.freeswitch.org</blockquote></div><br></div></body></html>