[prev in list] [next in list] [prev in thread] [next in thread]
List: asterisk-dev
Subject: Re: [asterisk-dev] RTP/SAVP & TLS
From: Ross Beer <ross.beer () outlook ! com>
Date: 2016-01-06 14:07:53
Message-ID: SNT151-W790682BB06B71265FC0BD4FFF40 () phx ! gbl
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
> Date: Wed, 6 Jan 2016 08:22:34 -0400
> From: jcolp@digium.com
> To: asterisk-dev@lists.digium.com
> Subject: Re: [asterisk-dev] RTP/SAVP & TLS
>
> Ross Beer wrote:
> > Hi Dev,
> >
> > In Asterisk 1.8 Snom phones accept calls when RTP/SAVP is set to
> > 'mandatory' which means that the RTP/SAVP options appear in the SDP 'm'
> > lines. However in Asterisk 13 chan_pjsip, no such lines exist when using
> > 'SDES' encryption.
>
> The "media_encryption=sdes" option turns on SRTP support and thus makes
> the media RTP/SAVP. You can also turn on optimistic SRTP support as well
> using "media_encryption_optimistic=yes" which will use RTP/AVP but
> include a crypto line. I just checked the testsuite tests for SDP
> offer/answer and they are passing, I also manually enabled it and
> confirmed it is RTP/SAVP. You may have a configuration error. Snom devices work \
> correctly when 'media_encryption_optimistic=no', when this is set to yes the \
> RTP/SAVP is replaced: Set to No = "m=audio 41988 RTP/SAVP 8 0 3 101" Set to Yes = \
> "m=audio 36240 RTP/AVP 8 0 3 101" I have updated my configuration to not use the \
> optimistic setting.
> >
> > Therefore Snom phones require this option to be set to 'off'. Should
> > Asterisk 13 be offering RTP/SAVP in the same way as chan_sip did?
> >
> > With regards to TLS, devices reject calls if a 'transport=transport-tls'
> > is specified. Is this also a bug as it appears that Asterisk doesn't
> > re-use an active connection in this situation?
>
> This is a bug in PJSIP which has an issue on our side[1]. If an explicit
> transport is specified PJSIP will not reuse a connection.
>
> [1] https://issues.asterisk.org/jira/browse/ASTERISK-22658
> Great, I can work around this until a fix is in place. Thank you for your \
> assistance.
> --
> Joshua Colp
> Digium, Inc. | Senior Software Developer
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - US
> Check us out at: www.digium.com & www.asterisk.org
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
[Attachment #5 (text/html)]
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br> <BR><div>> Date: Wed, 6 Jan 2016 \
08:22:34 -0400<br>> From: jcolp@digium.com<br>> To: \
asterisk-dev@lists.digium.com<br>> Subject: Re: [asterisk-dev] RTP/SAVP & \
TLS<br>> <br>> Ross Beer wrote:<br>> > Hi Dev,<br>> ><br>> > \
In Asterisk 1.8 Snom phones accept calls when RTP/SAVP is set to<br>> > \
'mandatory' which means that the RTP/SAVP options appear in the SDP 'm'<br>> > \
lines. However in Asterisk 13 chan_pjsip, no such lines exist when using<br>> > \
'SDES' encryption.<br>> <br>> The "media_encryption=sdes" option turns on SRTP \
support and thus makes <br>> the media RTP/SAVP. You can also turn on optimistic \
SRTP support as well <br>> using "media_encryption_optimistic=yes" which will use \
RTP/AVP but <br>> include a crypto line. I just checked the testsuite tests for \
SDP <br>> offer/answer and they are passing, I also manually enabled it and \
<br>> confirmed it is RTP/SAVP. You may have a configuration \
error.</div><div> </div><div>Snom devices work correctly when \
'media_encryption_optimistic=no', when this is set to yes the RTP/SAVP is \
replaced:</div><div> </div><div>Set to No = "m=audio 41988 RTP/SAVP 8 0 3 \
101"</div><div> </div><div>Set to Yes = "m=audio 36240 RTP/AVP 8 0 3 \
101"</div><div> </div><div>I have updated my configuration to not use the \
optimistic setting.</div><div><br>> <br>> ><br>> > Therefore Snom \
phones require this option to be set to 'off'. Should<br>> > Asterisk 13 be \
offering RTP/SAVP in the same way as chan_sip did?<br>> ><br>> > With \
regards to TLS, devices reject calls if a 'transport=transport-tls'<br>> > is \
specified. Is this also a bug as it appears that Asterisk doesn't<br>> > re-use \
an active connection in this situation?<br>> <br>> This is a bug in PJSIP which \
has an issue on our side[1]. If an explicit <br>> transport is specified PJSIP \
will not reuse a connection.<br>> <br>> [1] \
https://issues.asterisk.org/jira/browse/ASTERISK-22658<br>> \
</div><div> </div><div>Great, I can work around this until a fix is in \
place.</div><div> </div><div>Thank you for your assistance.</div><div><br>> \
-- <br>> Joshua Colp<br>> Digium, Inc. | Senior Software Developer<br>> 445 \
Jan Davis Drive NW - Huntsville, AL 35806 - US<br>> Check us out at: \
www.digium.com & www.asterisk.org<br>> <br>> <br>> -- <br>> \
_____________________________________________________________________<br>> -- \
Bandwidth and Colocation Provided by http://www.api-digital.com --<br>> <br>> \
asterisk-dev mailing list<br>> To UNSUBSCRIBE or update options visit:<br>> \
http://lists.digium.com/mailman/listinfo/asterisk-dev<br></div> \
</div></body> </html>
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic