[Freeswitch-users] FreeSWITCH offering SRTP on Re-INVITE
Andrew Cassidy
andrew at cassidywebservices.co.uk
Thu May 24 20:03:25 UTC 2018
Hi Mike,
This was with rtp_secure_media=optional
If I use any other value of rtp_secure_media it works as expected. If that
has to be the workaround then so be it.
Kind regards,
On Wed, 23 May 2018, 16:17 Michael Jerris, <mike at jerris.com> wrote:
> After review with the zoiper team, it looks like this re-invite is trying
> to force srtp, while using UDP, something which is generally bad security
> practice, and because of this, something that zoiper does not support. If
> you wish to create an SRTP call with zoiper you should do so at the start
> of the call, and using TLS for signaling for security.
>
>
> On May 19, 2018, at 3:12 AM, Andrew Cassidy <
> andrew at cassidywebservices.co.uk> wrote:
>
> Thanks Michael,
>
> They're basically being all high and mighty about it. I've suggested that
> handling the call should be consistent, they either don't reject the
> reinvite, or they reject the initial invite but have told me this issue is
> "by design".
>
> We have workarounds as previously mentioned so it's not the end of the
> world. I might have to reconsider whether I continue to use them in the
> long term.
>
> Kind regards,
>
> On Fri, 18 May 2018, 16:19 Michael Jerris, <mike at jerris.com> wrote:
>
> After review of the sip trace, I’d report that one to the zoiper guys.
>> There is no reason they should reject the call in that case.
>>
>> > On May 17, 2018, at 4:48 PM, Andrew Cassidy <
>> andrew at cassidywebservices.co.uk> wrote:
>> >
>> > Good afternoon All,
>> >
>> > I have experienced the following issue with Zoiper specifically (I have
>> a support ticket open with them currently) and was wondering if it's
>> something that could/should be fixed FreeSWITCH side.
>> >
>> > If rtp_secure_media is set to optional, and SRTP is disabled on Zoiper,
>> when FreeSWITCH sends the Re-INVITE, it sends crypto lines. Zoiper then
>> replies with a 514 Unsupported Media Type and the timer refresh fails,
>> causing Zoiper to hang up the call.
>> >
>> > My current feeling is that as Zoiper ignored the crypto on the initial
>> INVITE it should be them that then handles the Re-INVITE consistently by
>> also ignoring the crypto lines but I'm not familiar enough with the RFCs to
>> make a judgement.
>> >
>> > The workaround is to either enable SRTP in Zoiper or don't set
>> rtp_secure_media to optional when Zoiper is in use.
>> >
>> > Kind regards,
>> >
>>
> =
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180524/1a87fc29/attachment.html>
More information about the FreeSWITCH-users
mailing list