VoIP Mailing List Archives :: View topic - [asterisk-users] Asterisk 11 SRTP: unsupported crypto parameters: UNENCRYPTED

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Asterisk 11 SRTP: unsupported crypto parameters: UNENCRYPTED_SRTCP

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

satish4asterisk at gma...
Guest

Posted: Fri Apr 17, 2015 6:16 am Post subject: [asterisk-users] Asterisk 11 SRTP: unsupported crypto parame

Hi All, I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP. On incoming calls from Avaya asterisk complains of 'unsupported crypto parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable here' Doesn't Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp? FYI SDP looks like this. v=0 o=- 1429194215 1 IN IP4 XX.XX.XX.XX s=- c=IN IP4 XX.XX.XX.XX b=TIAS:64000 t=0 0 a=avf:avc=n prio=n a=csup:avf-v0 m=audio 50096 RTP/SAVP 0 18 120 a=rtpmap:0 PCMU/8000 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=no a=rtpmap:120 telephone-event/8000 a=ptime:20 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM\|2^20 UNENCRYPTED_SRTCP And on CLI I see, DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64 7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40 WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters: UNENCRYPTED_SRTCP DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM\|2^20 UNENCRYPTED_SRTCP... UNSUPPORTED OR FAILED. WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without encryption details: audio 50096 RTP/SAVP 0 18 120 VERBOSE[1568][C-00000000] chan_sip.c: <--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 ---> SIP/2.0 488 Not acceptable here Thanking in advance for any inputs. --Satish

mjordan at digium.com
Guest

Posted: Fri Apr 17, 2015 10:29 am Post subject: [asterisk-users] Asterisk 11 SRTP: unsupported crypto parame

On Fri, Apr 17, 2015 at 6:16 AM, Satish Barot <satish4asterisk@gmail.com> wrote:

Quote:

Hi All,

I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP.
On incoming calls from Avaya asterisk complains of 'unsupported crypto
parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable
here'

Doesn't Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp?

FYI SDP looks like this.

v=0
o=- 1429194215 1 IN IP4 XX.XX.XX.XX
s=-
c=IN IP4 XX.XX.XX.XX
b=TIAS:64000
t=0 0
a=avf:avc=n prio=n
a=csup:avf-v0
m=audio 50096 RTP/SAVP 0 18 120
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:120 telephone-event/8000
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP

And on CLI I see,

DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64
7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40
WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters:
UNENCRYPTED_SRTCP
DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP...
UNSUPPORTED OR FAILED.
WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without
encryption details: audio 50096 RTP/SAVP 0 18 120
VERBOSE[1568][C-00000000] chan_sip.c:
<--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 --->
SIP/2.0 488 Not acceptable here

Thanking in advance for any inputs.

Asterisk is complaining because placing an "UNENCRYPTED_SRTCP" after
the lifetime parameter in a crypto attribute is part of RFC 4568
(Security Descriptions for Media Streams), which Asterisk does not
support.

You will need to see if the Avaya system can be configured to not send
the attribute.

--
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum