[OpenSIPS-Users] rtpengine documentation

Robert Dyck rob.dyck at telus.net
Wed May 20 03:25:50 EST 2020 

Actually I had read the readme and I was wondering if opensips perhaps didn't support all the 
flags since some were missing from the documentation. Also on the subject of DTLS I am 
guessing that no flags means DTLS pass through but not certain. Also on the subject of DTLS 
when it plays MITM it sends a fingerprint that is generated with the SHA-1 hash which is deemed 
inadequate these days. With regard to the crypto aspect DTLS is supposed to follow TLS.

Thanks everyone for the input.
Rob

On Tuesday, May 19, 2020 7:20:48 P.M. PDT Ovidiu Sas wrote:


Hello Robert,


Take a look at the README file.
Based on the flags, rtpengine can bridge encrypted RTP traffic to unencrypted RTP traffic. It can 
also do transcoding.
So yes, it plays man-in-the-middle :)


Regards,
Ovidiu Sas




On Tue, May 19, 2020 at 18:32 Robert Dyck <rob.dyck at telus.net[1]> wrote:


Perhaps someone with knowledge of the inner workings of rtpengine could enlighten us about 
the interaction between ICE and DTLS. My experience suggests that it plays man-in-the-middle 
and fakes the DTLS negotiation in some circumstances.
Rob
 
On Tuesday, May 19, 2020 3:15:54 P.M. PDT Giovanni Maruzzelli wrote:




On Tue, May 19, 2020, 20:10 Ovidiu Sas <osas at voipembedded.com[2]> wrote:


opensips rtpengine module provides amechanism to pass those flags as strings to the rtpengine 
instance.Maybe we should add this to the documentation.




+1 +1 +1 (me, myself and I)


-giovanni






Regards,Ovidiu Sas

On Sat, May 16, 2020 at 3:37 PM Robert Dyck <rob.dyck at telus.net[1]> wrote:>> I am wanting 
to convert my config/script to use rtpengine instead of rtpproxy.> I think it would better deal 
with webrtc. After looking at some examples I> found, I see a couple of parameters that are not 
mentioned in the opensips> documentation. First there is the offer/answer option ice=force-
relay and> secondly DTLS=passive.>> Are these options obsolete/deprecated/intentionally 
omitted?>> On the subject of DTLS I noticed that when I use ice=force in offer and answer> 
rtpengine sends new DTLS fingerprints to the parties. I appears to operate as> back-to-back 
DTLS agent. I know this because both UAs sent SHA-256> fingerprints but they received SHA-1 
fingerprints. This may have worked but> one UA will only accept SHA-256 and it drops the 
call.>> The documentation does not mention that the ice= option can influence DTLS.>> 
Regards, Rob>>>> _______________________________________________> Users mailing list> 
Users at lists.opensips.org[3]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users[4]
http://www.voipembedded.com[5]
Users at lists.opensips.org[3]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users[4]



_______________________________________________Users mailing list

Users at lists.opensips.org[3]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users[4]

-- 


VoIP Embedded, Inc.

http://www.voipembedded.com[5]



--------
[1] mailto:rob.dyck at telus.net
[2] mailto:osas at voipembedded.com
[3] mailto:Users at lists.opensips.org
[4] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[5] http://www.voipembedded.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200519/01e94d73/attachment-0001.html>

More information about the Users mailing list