<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EstiloCorreo19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="ES" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Good morning, <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I have just corrected what you comment, but that didn’t solve my problem. My problem is that the SIP protocol is not encrypted so even if the RTP is encrypted, you can see all INVITE information
on wireshark. I tryed to solve it adding in the dialplan <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">But the result I get is an error that says
</span><span lang="EN-US">“TLS not supported by profile”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Thank you in advance<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>De:</b> FreeSWITCH-users <freeswitch-users-bounces@lists.freeswitch.org>
<b>En nombre de </b>Brian West<br>
<b>Enviado el:</b> lunes, 26 de septiembre de 2022 17:33<br>
<b>Para:</b> FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org><br>
<b>CC:</b> Pablo Pizarro <pablo.pizarro@airenetworks.es><br>
<b>Asunto:</b> Re: [Freeswitch-users] TLS stops when a call is enabled<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid red 3.0pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="background:#F6FF33">Este e-mail fue originado fuera de Aire Networks. Ayúdanos a mantener segura nuestra empresa. Por favor, extrema las medidas de seguridad con los adjuntos, los enlaces o las solicitudes que pueda contener.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">This is a variable: <o:p></o:p></p>
<div>
<p class="MsoNormal"> <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">NOT A PARAM.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">/b<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, Sep 26, 2022 at 9:09 AM Aina Mestre <<a href="mailto:aina.mestre@airenetworks.es">aina.mestre@airenetworks.es</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Good morning,
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP, and I can establish a conversation with TLS, but when I make a call, it says “encrypted alert” and the
TLS conversation stops sending the INVITE in TCP. I have been looking for some solutions and it states that the problema may be that the certificate is not properly configured or that TLS is not properly configured. It is imposible that the certificate has
any problems because I currently get TLS untill the call starts. <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Here it is the configuration on my profile:
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name='bind-params" value="tls"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name='tls-version' value='tlsv1'/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name='register-transport' value='tls'/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="register" value="false"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="transport" value="tls"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls" value="$${internal_ssl_enable}"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-only" value="true"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-bind-params" value="transport=tls"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-sip-port" value="$${internal_tls_port}"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-verify-date" value="true"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-verify-policy" value="none"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-version" value="$${sip_tls_version}"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="tls-ciphers" value="$${sip_tls_ciphers}"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="contact-params" value="tport=tls"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <param name="ws-binding" value="XX.XX.XX.XX:5061"/></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Also, I would like to make another observation: when I configure the bridge has transport=TLS ( <action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>)
in the dialplan, the debug says “TLS not supported by profile”</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Thank you for taking the time to deal with my queries</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Kind regards.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal">_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" target="_blank">
https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" target="_blank">
https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt"><o:p> </o:p></span></p>
</div>
<div>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">Brian West | Co-founder and Developer</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">Need Commercial support? email
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </span>
<span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">FreeSWITCH Solutions |
<a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" target="_blank">
<span style="color:#1155CC">17345 Civic Drive #2531 Brookfield, WI 53045</span></a></span><span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">Email: </span>
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#1155CC"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span><span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">Mobile: 918-424-9378</span><span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:4.5pt;margin-bottom:.0001pt">
<span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:black">Website:
</span><span style="font-size:9.5pt;color:black"><a href="https://www.freeswitch.com/" target="_blank"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#1155CC">https://www.FreeSWITCH.com</span></a></span><span style="font-size:9.5pt"><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:black"><a href="https://www.facebook.com/freeswitch" target="_blank"><span style="text-decoration:none"><img border="0" width="31" height="31" style="width:.325in;height:.325in" id="_x0000_i1025" src="https://lh6.googleusercontent.com/AYfRoSNaDNtMPRMevPn_GqcVEMd5NDRFi0GlluGUWzV6I5TAY_3T2-Tt0IuIXeUtEdYsgNsM8DOYKRKhjmrG_-n2Ga-LCnoNk46sO8VyEma1sBFYdiGJcLRUvkrD1CYHN79qimeg" alt="https://www.facebook.com/signalwireinc?src=email"></span></a></span><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black"><a href="https://twitter.com/freeswitch" target="_blank"><span style="text-decoration:none"><img border="0" width="31" height="31" style="width:.325in;height:.325in" id="_x0000_i1026" src="https://lh3.googleusercontent.com/W4SqXyybH2qdAozvtoKjcz736qOjk9LHDwldvs1ahc-WVU0putVMSsUH474KDrJ32jsqi6JDjyUWxqeEkN5I1xSlC5ShYrd1b8NIMUkDzDrtbWQfa6A_90UcygqesBtRLgeFirKa" alt="https://twitter.com/freeswitch"></span></a></span><span style="font-size:9.5pt"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>