[OpenSIPS-Users] SDES and DTLS mutually exclusive

Robert Dyck rob.dyck at telus.net
Sat Jul 4 19:34:37 EST 2020


I have run into an issue with rtpengine and the ICE=force option.

To quote the rtpengine README 

With `force`, ICE attributes are first stripped, then new attributes are 

When using the force option where I think it will be appropriate I found it also adds crypto 
attributes. I believe this invokes SDES security. If the setup attribute is also present ( DTLS 
security ) the call fails with bad description. SDES=off does not prevent this behaviour. The 
error message from the UA says there cannot be both.

a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:/
msDyiV8x6qpcH4m1iEmxo8aqAAhhkGctQbxvkNy
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:JgDv7fMfKd1GQcFq9Jn0tMf1C5DE0VaRDe6Js8D6
a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:CiCkAETMov/tbVsqykp7j3/
PB7aUfQjv+nozBQuOUMBnJlrm8bU
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:
6ktVsgwfiGg4US2BLWuV3XpCt0fvkiuFgcEr8n83KDln8w9ar+c
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:l1pr/
67vqwthDdnRoSaTbGvRPBNP7uHIhjfeG8InuqWQZjLkumU5MVKz2mAujw
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:V+K2bK8Zahr9KX7zswVwM2cpZ+/
g8hMD4a5PmJzncH8WgDnCH/xLH0CFRwYKgg
a=crypto:7 F8_128_HMAC_SHA1_80 inline:Z00dhmeQwuttjeRawylGKannT7KbBZhDExDxETNo
a=crypto:8 F8_128_HMAC_SHA1_32 inline:R5Vqt9WQ1wU76GcS7CvDosgbWHRYLV7CRnGre+uV
a=crypto:9 NULL_HMAC_SHA1_80 inline:TP2aKDSKe8G9E7kd+w7XpOhcItzd0xmBN3g06WC1
a=crypto:10 NULL_HMAC_SHA1_32 inline:xKFUEuwLpexe84KKCulBSThMx75T74U7/K7qJbKi
a=setup:actpass
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200704/070d37d4/attachment.html>


More information about the Users mailing list