[Freeswitch-users] optional SRTP

Levend Sayar levend.sayar at karel.com.tr
Sat Feb 23 00:12:42 MSK 2013


Thanks for your responses.

So afaiu

m=audio RTP/AVP
a=crypto

Is invalid per the spec. What Steve pointed out is a Microsoft deviation.

So for optional RTP, the SDP must look something like this?

m=audio RTP/AVP
a=blabla
m=audio RTP/SAVP
a=crypto

Namely, it contains both RTP/AVP and RTP/SAVP profiles, and the callee can choose whichever it prefers: RTP or SRTP.

Brian, I will test the parameters you gave ASAP and report the result.

I really appreciate your help, guys.



_lvnd_
 {^_^}



On 22 Feb 2013, at 19:09, "Steven Ayre" <steveayre at gmail.com> wrote:

The confusion was mine on an earlier thread. I said that, based on something on another mailing list that I can't find now (sip-implementors?).

That post might have been inspired by this which states RTP/AVP with a=crypto allows SRTP desired but not required - but only because it 'deviates from the specification in RFC4568'

http://msdn.microsoft.com/en-us/library/dd948772(v=office.12).aspx

I guess such devices are what the NDLB parameter is for.



The previous thread was 'SRTP disabling', where Levend has a phone that allows optional SRTP but only offers RTP/SAVP in its SDP, with no RTP/AVP profile offered, so FS cannot/won't send plain RTP to the SRTP port. Which I'd say is correct behaviour and a broken phone.



Steve

On 22 Feb 2013, at 17:27, Brian West <brian at freeswitch.org> wrote:

crypto in RTP/AVP is invalid per the spec.

You are required to send two rtp profiles one with RTP/AVP or RTP/SAVP

To get around this in your broken device you can set the variable sip_allow_crypto_in_avp or set profile param NDLB-allow-crypto-in-avp

--
Brian West
brian at freeswitch.org
FreeSWITCH Solutions, LLC
PO BOX PO BOX 2531
Brookfield, WI 53008-2531
Twitter: @FreeSWITCH_Wire
T: +1.918.420.9266  |  F: +1.918.420.9267  |  M: +1.918.424.WEST
iNUM: +883 5100 1420 9266
ISN: 410*543






On Feb 22, 2013, at 10:08 AM, Ken Rice <krice at freeswitch.org> wrote:

FreeSWITCH supports SIP/TLS, SRTP and ZRTP. The error message you are referring to below is where someone has improperly implemented SRTP and is sending the crypto headers in the wrong spots. See the Wiki for setting up secure calling.

Also please note, if you are going to use SRTP, you _must_ use SIP/TLS as the keys for SRTP are passed in the SDP of the SIP messaging. You can use ZRTP without using SIP/TLS as the key exchange for ZRTP happens as a DH exchange in the ZRTP stream, but if you want to protect the contents of the SIP messaging you’ll still want to use SIP/TLS.


K


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com




Official FreeSWITCH Sites
http://www.freeswitch.org
http://wiki.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE: http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
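
The SDP shapes discussed in this thread, as an added example that is not part of the original messages and is not FreeSWITCH code: a small Python classifier that reads the m=audio sections of an offer and reports whether a=crypto sits under RTP/AVP, under RTP/SAVP, or whether both profiles are offered. The sample SDP bodies, addresses, ports and key placeholder are constructed, and the verdict labels are this example's own names.

```python
# Added example, not FreeSWITCH code. All SDP bodies below are constructed.
CRYPTO = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY"
SAMPLES = {
    "plain":    ["m=audio 49170 RTP/AVP 0"],
    "srtp":     ["m=audio 49170 RTP/SAVP 0", CRYPTO],
    "deviant":  ["m=audio 49170 RTP/AVP 0", CRYPTO],
    "optional": ["m=audio 49170 RTP/AVP 0", "m=audio 49172 RTP/SAVP 0", CRYPTO],
}


def build_sdp(media_lines):
    """Wrap media-level lines in a minimal constructed session description."""
    head = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
    return "\r\n".join(head + media_lines) + "\r\n"


def audio_sections(sdp):
    """Return [(profile, has_crypto)] for each m=audio section."""
    sections, current = [], None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()          # <media> <port> <proto> <fmt...>
            current = None                     # attributes of non-audio media are skipped
            if len(fields) >= 3 and fields[0] == "audio":
                current = [fields[2].upper(), False]
                sections.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current[1] = True                  # media-level crypto attribute
    return [tuple(s) for s in sections]


def classify_offer(sdp):
    """Map an offer to one of the cases raised in the thread."""
    secs = audio_sections(sdp)
    if any(p == "RTP/AVP" and c for p, c in secs):
        # The case sip_allow_crypto_in_avp / NDLB-allow-crypto-in-avp is for.
        return "crypto-in-avp"
    if any(p == "RTP/SAVP" and not c for p, c in secs):
        return "savp-without-crypto"  # SRTP profile offered with no key
    profiles = {p for p, _ in secs}
    if {"RTP/AVP", "RTP/SAVP"} <= profiles:
        return "optional-srtp"        # callee may pick either m= line
    if "RTP/SAVP" in profiles:
        return "srtp-only"
    return "rtp-only" if "RTP/AVP" in profiles else "no-audio"


if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        print(name, "->", classify_offer(build_sdp(lines)))
```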