Satish Barot
2015-Apr-17 11:16 UTC
[asterisk-users] Asterisk 11 SRTP: unsupported crypto parameters: UNENCRYPTED_SRTCP
Hi All, I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP. On incoming calls from Avaya asterisk complains of 'unsupported crypto parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable here' Doesn't Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp? FYI SDP looks like this. v=0 o=- 1429194215 1 IN IP4 XX.XX.XX.XX s=- c=IN IP4 XX.XX.XX.XX b=TIAS:64000 t=0 0 a=avf:avc=n prio=n a=csup:avf-v0 m=audio 50096 RTP/SAVP 0 18 120 a=rtpmap:0 PCMU/8000 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=no a=rtpmap:120 telephone-event/8000 a=ptime:20 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP And on CLI I see, DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64 7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40 WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters: UNENCRYPTED_SRTCP DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP... UNSUPPORTED OR FAILED. WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without encryption details: audio 50096 RTP/SAVP 0 18 120 VERBOSE[1568][C-00000000] chan_sip.c: <--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 ---> SIP/2.0 488 Not acceptable here Thanking in advance for any inputs. --Satish -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150417/a487b40a/attachment.html>
Matthew Jordan
2015-Apr-17 15:28 UTC
[asterisk-users] Asterisk 11 SRTP: unsupported crypto parameters: UNENCRYPTED_SRTCP
On Fri, Apr 17, 2015 at 6:16 AM, Satish Barot <satish4asterisk at gmail.com> wrote:> Hi All, > > I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP. > On incoming calls from Avaya asterisk complains of 'unsupported crypto > parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable > here' > > Doesn't Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp? > > FYI SDP looks like this. > > v=0 > o=- 1429194215 1 IN IP4 XX.XX.XX.XX > s=- > c=IN IP4 XX.XX.XX.XX > b=TIAS:64000 > t=0 0 > a=avf:avc=n prio=n > a=csup:avf-v0 > m=audio 50096 RTP/SAVP 0 18 120 > a=rtpmap:0 PCMU/8000 > a=rtpmap:18 G729/8000 > a=fmtp:18 annexb=no > a=rtpmap:120 telephone-event/8000 > a=ptime:20 > a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP > > And on CLI I see, > > DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64 > 7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40 > WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters: > UNENCRYPTED_SRTCP > DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP > a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP... > UNSUPPORTED OR FAILED. > WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without > encryption details: audio 50096 RTP/SAVP 0 18 120 > VERBOSE[1568][C-00000000] chan_sip.c: > <--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 ---> > SIP/2.0 488 Not acceptable here > > Thanking in advance for any inputs. >Asterisk is complaining because placing an "UNENCRYPTED_SRTCP" after the lifetime parameter in a crypto attribute is part of RFC 4568 (Security Descriptions for Media Streams), which Asterisk does not support. You will need to see if the Avaya system can be configured to not send the attribute. -- Matthew Jordan Digium, Inc. | Director of Technology 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com & http://asterisk.org