On Fri, Apr 17, 2015 at 6:16 AM, Satish Barot <satish4aster...@gmail.com> wrote: > Hi All, > > I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP. > On incoming calls from Avaya asterisk complains of 'unsupported crypto > parameters: UNENCRYPTED_SRTCP' and rejects the call with '488 Not acceptable > here' > > Doesn't Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp? > > FYI SDP looks like this. > > v=0 > o=- 1429194215 1 IN IP4 XX.XX.XX.XX > s=- > c=IN IP4 XX.XX.XX.XX > b=TIAS:64000 > t=0 0 > a=avf:avc=n prio=n > a=csup:avf-v0 > m=audio 50096 RTP/SAVP 0 18 120 > a=rtpmap:0 PCMU/8000 > a=rtpmap:18 G729/8000 > a=fmtp:18 annexb=no > a=rtpmap:120 telephone-event/8000 > a=ptime:20 > a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP > > And on CLI I see, > > DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64 > 7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40 > WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters: > UNENCRYPTED_SRTCP > DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP > a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP... > UNSUPPORTED OR FAILED. > WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without > encryption details: audio 50096 RTP/SAVP 0 18 120 > VERBOSE[1568][C-00000000] chan_sip.c: > <--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 ---> > SIP/2.0 488 Not acceptable here > > Thanking in advance for any inputs. >
Asterisk is complaining because placing an "UNENCRYPTED_SRTCP" after the lifetime parameter in a crypto attribute is part of RFC 4568 (Security Descriptions for Media Streams), which Asterisk does not support. You will need to see if the Avaya system can be configured to not send the attribute. -- Matthew Jordan Digium, Inc. | Director of Technology 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com & http://asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users