[Freeswitch-users] FreeSWITCH offering SRTP on Re-INVITE
andrew at cassidywebservices.co.uk
Thu May 24 20:03:25 UTC 2018
This was with rtp_secure_media=optional
If I use any other value of rtp_secure_media it works as expected. If that
has to be the workaround then so be it.
On Wed, 23 May 2018, 16:17 Michael Jerris, <mike at jerris.com> wrote:
> After review with the zoiper team, it looks like this re-invite is trying
> to force srtp, while using UDP, something which is generally bad security
> practice, and because of this, something that zoiper does not support. If
> you wish to create an SRTP call with zoiper you should do so at the start
> of the call, and using TLS for signaling for security.
> On May 19, 2018, at 3:12 AM, Andrew Cassidy <
> andrew at cassidywebservices.co.uk> wrote:
> Thanks Michael,
> They're basically being all high and mighty about it. I've suggested that
> handling the call should be consistent, they either don't reject the
> reinvite, or they reject the initial invite but have told me this issue is
> "by design".
> We have workarounds as previously mentioned so it's not the end of the
> world. I might have to reconsider whether I continue to use them in the
> long term.
> Kind regards,
> On Fri, 18 May 2018, 16:19 Michael Jerris, <mike at jerris.com> wrote:
> After review of the sip trace, I’d report that one to the zoiper guys.
>> There is no reason they should reject the call in that case.
>> > On May 17, 2018, at 4:48 PM, Andrew Cassidy <
>> andrew at cassidywebservices.co.uk> wrote:
>> > Good afternoon All,
>> > I have experienced the following issue with Zoiper specifically (I have
>> a support ticket open with them currently) and was wondering if it's
>> something that could/should be fixed FreeSWITCH side.
>> > If rtp_secure_media is set to optional, and SRTP is disabled on Zoiper,
>> when FreeSWITCH sends the Re-INVITE, it sends crypto lines. Zoiper then
>> replies with a 514 Unsupported Media Type and the timer refresh fails,
>> causing Zoiper to hang up the call.
>> > My current feeling is that as Zoiper ignored the crypto on the initial
>> INVITE it should be them that then handles the Re-INVITE consistently by
>> also ignoring the crypto lines but I'm not familiar enough with the RFCs to
>> make a judgement.
>> > The workaround is to either enable SRTP in Zoiper or don't set
>> rtp_secure_media to optional when Zoiper is in use.
>> > Kind regards,
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> Official FreeSWITCH Sites
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FreeSWITCH-users