duggyk Posted April 27, 2009 Report Share Posted April 27, 2009 I'm making calls whereby an INVITE without SDP is sent to PBXNSIP to initiate a call. PBXNSIP always seems to respond with a 200OK containing and SDP which contains a 'crypto' line (initiating SRTP when the calling device sends an ACK which contains the SDP). How can I stop PBXNSIP sending any crypto lines in SDP's (i.e. turn off SRTP) ??? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 27, 2009 Report Share Posted April 27, 2009 I'm making calls whereby an INVITE without SDP is sent to PBXNSIP to initiate a call. PBXNSIP always seems to respond with a 200OK containing and SDP which contains a 'crypto' line (initiating SRTP when the calling device sends an ACK which contains the SDP). How can I stop PBXNSIP sending any crypto lines in SDP's (i.e. turn off SRTP) ??? There is no option. This behavior is neccessary because there are (buggy) user-agents out there which offer SRTP keys over insecure transport layer and if the PBX does not answer the crypto-line in a response then the call would not establish. A UA that does not support SRTP should silently ignore this. Quote Link to comment Share on other sites More sharing options...
duggyk Posted April 27, 2009 Author Report Share Posted April 27, 2009 There is no option. This behavior is neccessary because there are (buggy) user-agents out there which offer SRTP keys over insecure transport layer and if the PBX does not answer the crypto-line in a response then the call would not establish. A UA that does not support SRTP should silently ignore this. Is sending cryptographic information over a non-secure transport a good idea? I see that the a=crypto lines are sent whatever the transport layer (TCP/UDP/TLS) Quote Link to comment Share on other sites More sharing options...
duggyk Posted April 28, 2009 Author Report Share Posted April 28, 2009 There is no option. This behavior is neccessary because there are (buggy) user-agents out there which offer SRTP keys over insecure transport layer and if the PBX does not answer the crypto-line in a response then the call would not establish. A UA that does not support SRTP should silently ignore this. If there's no way to remove the crypto line from the SDP when using UDP or TCP connections i'll have to find an alternative solution (end of trial) In my case the UA isn't offering any capabilities in the initial INVITE (no SDP). PBXNSIP is offering SDP in the 200OK (with crypto line even though the transport layer is UDP/TCP). Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 29, 2009 Report Share Posted April 29, 2009 If there's no way to remove the crypto line from the SDP when using UDP or TCP connections i'll have to find an alternative solution (end of trial) In my case the UA isn't offering any capabilities in the initial INVITE (no SDP). PBXNSIP is offering SDP in the 200OK (with crypto line even though the transport layer is UDP/TCP). Maybe we can take the insecure offer out. I believe this was for an old firmware version of a phone, today it should not be relevant any more. What OS are you on? Quote Link to comment Share on other sites More sharing options...
duggyk Posted May 1, 2009 Author Report Share Posted May 1, 2009 Maybe we can take the insecure offer out. I believe this was for an old firmware version of a phone, today it should not be relevant any more. What OS are you on? I'm using openSUSE 10.3 any suggestions welcome ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.