<span>Hi Mike,</span><div><br></div><div>This was with rtp_secure_media=optional</div><div><br></div><div>If I use any other value of rtp_secure_media it works as expected. If that has to be the workaround then so be it.</div><div><br></div><div>Kind regards,<br><br><div class="gmail_quote"><div dir="ltr">On Wed, 23 May 2018, 16:17 Michael Jerris, <<a href="mailto:mike@jerris.com">mike@jerris.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space">After review with the zoiper team, it looks like this re-invite is trying to force srtp, while using UDP, something which is generally bad security practice, and because of this, something that zoiper does not support. If you wish to create an SRTP call with zoiper you should do so at the start of the call, and using TLS for signaling for security.<div><br><div><br><blockquote type="cite"></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div>On May 19, 2018, at 3:12 AM, Andrew Cassidy <<a href="mailto:andrew@cassidywebservices.co.uk" target="_blank">andrew@cassidywebservices.co.uk</a>> wrote:</div><br class="m_7663738992184948856Apple-interchange-newline"></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div>Thanks Michael,<div><br></div><div>They're basically being all high and mighty about it. I've suggested that handling the call should be consistent, they either don't reject the reinvite, or they reject the initial invite but have told me this issue is "by design".</div><div><br></div><div>We have workarounds as previously mentioned so it's not the end of the world. I might have to reconsider whether I continue to use them in the long term.</div><div><br></div></div></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div><div>Kind regards,<br><br><div class="gmail_quote"></div></div></div></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div><div><div class="gmail_quote"><div dir="ltr">On Fri, 18 May 2018, 16:19 Michael Jerris, <<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>> wrote:<br></div></div></div></div></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">After review of the sip trace, I’d report that one to the zoiper guys. There is no reason they should reject the call in that case.<br>
<br>
> On May 17, 2018, at 4:48 PM, Andrew Cassidy <<a href="mailto:andrew@cassidywebservices.co.uk" target="_blank">andrew@cassidywebservices.co.uk</a>> wrote:<br>
> <br>
> Good afternoon All,<br>
> <br>
> I have experienced the following issue with Zoiper specifically (I have a support ticket open with them currently) and was wondering if it's something that could/should be fixed FreeSWITCH side.<br>
> <br>
> If rtp_secure_media is set to optional, and SRTP is disabled on Zoiper, when FreeSWITCH sends the Re-INVITE, it sends crypto lines. Zoiper then replies with a 514 Unsupported Media Type and the timer refresh fails, causing Zoiper to hang up the call.<br>
> <br>
> My current feeling is that as Zoiper ignored the crypto on the initial INVITE it should be them that then handles the Re-INVITE consistently by also ignoring the crypto lines but I'm not familiar enough with the RFCs to make a judgement.<br>
> <br>
> The workaround is to either enable SRTP in Zoiper or don't set rtp_secure_media to optional when Zoiper is in use.<br>
> <br>
> Kind regards,<br>
> <br></blockquote></div></div></div></blockquote></div></div></div><div style="word-wrap:break-word;line-break:after-white-space"><div><div><blockquote type="cite"><div><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=</blockquote></div></div></div></blockquote></div><br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></blockquote></div></div>