[Freeswitch-users] WebRTC using rtp_sdes_suites=AES_CM_128_HMAC_SHA1_80

[Jerry Chinn]

Good Day,
Running FS 1.6.17 on CentOS 7.4

We are running WebRTC and are required to use AEAD_AES_256_GCM_8 or AEAD_AES_128_GCM_8 for security.
I have eliminated all of the options in the vars file except rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8.

Calls are successfully completing, however, in debug we are seeing AES_CM_128_HMAC_SHA1_80 as the sdes suite for srtp:dtls.

2018-05-04 22:38:30.429310 [INFO] switch_rtp.c:3185 Changing audio DTLS state from HANDSHAKE to SETUP
2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3094 audio Fingerprint Verified.
2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3908 Activating audio Secure RTP SEND
2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type: srtp:dtls:AES_CM_128_HMAC_SHA1_80
2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3886 Activating audio Secure RTP RECV
2018-05-04 22:38:30.450549 [INFO] switch_rtp.c:3134 Changing audio DTLS state from SETUP to READY
2018-05-04 22:38:30.450549 [DEBUG] switch_core_sqldb.c:2617 Secure Type: srtp:dtls:AES_CM_128_HMAC_SHA1_80
2018-05-04 22:38:30.450549 [DEBUG] switch_rtp.c:1885 rtcp_stats_init: audio ssrc[3910337773] base_seq[2433]

Any ideas on how or where to change this to the desired encryption protocol?

Jerry Chinn
Telecom VoIP Specialist
.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180508/23a06f45/attachment.html>