<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EstiloCorreo17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="ES" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Good morning, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP, and I can establish a conversation with TLS, but when I make a call, it says “encrypted alert” and the TLS conversation stops sending the INVITE in TCP. I have been
looking for some solutions and it states that the problema may be that the certificate is not properly configured or that TLS is not properly configured. It is imposible that the certificate has any problems because I currently get TLS untill the call starts.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here it is the configuration on my profile: <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US"> <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name='bind-params" value="tls"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name='tls-version' value='tlsv1'/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name='register-transport' value='tls'/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="register" value="false"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="transport" value="tls"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls" value="$${internal_ssl_enable}"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-only" value="true"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-bind-params" value="transport=tls"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-sip-port" value="$${internal_tls_port}"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-verify-date" value="true"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-verify-policy" value="none"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-version" value="$${sip_tls_version}"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="tls-ciphers" value="$${sip_tls_ciphers}"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="contact-params" value="tport=tls"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <param name="ws-binding" value="XX.XX.XX.XX:5061"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Also, I would like to make another observation: when I configure the bridge has transport=TLS ( <action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>) in the dialplan, the debug says “TLS not supported
by profile”<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thank you for taking the time to deal with my queries<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Kind regards.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ES"><o:p> </o:p></span></p>
</div>
</body>
</html>