Re: [OpenSIPS-Users] nonce password

2022-11-03 Thread Maxim Sobolev 
Richard, as part of the RFC8760 work we've changed nonce algorithm to be
more secure and do not expose as much info to a potential attacker starting
with 3.1. It also prevents qop/algorithm "downgrade" attacks on a stateless
proxy. But as Bogdan pointed out, there are some options to ignore
validation of nonce and just verify digest, which might provide some help
in your situation.

-Maksym


On Wed, Nov 2, 2022, 11:18 AM Richard Revels via Users <
users@lists.opensips.org> wrote:

> If I set a nonce password on a opensips 3.x proxy and the same one on
> opensips 2.x proxy it is expected behaviour that it still wont match if
> call starts on opensips 2, is challenged, then INVITE is sent to opensips 3
> proxy?
>
>
>
> [image: BandwidthMaroon.png]
>
>
>
> Richard Revels  •  System Architect II
>
> 900 Main Campus Drive, Suite 100, Raleigh, NC 27606
>
>
>
> m: 919-578-3421  •  o: 919-727-4614
>
> e: rrev...@bandwidth.com
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] nonce password

2022-11-03 Thread Bogdan-Andrei Iancu 

Hi Richard,

Theoretically it should work (to have a 2.x do the challenge and the 3.x 
and actual auth). But be sure to have the `disable_nonce_check` 
parameter disabled on the one doing the actual auth, otherwise it will fail.


[1] 
https://opensips.org/html/docs/modules/3.2.x/auth.html#param_disable_nonce_check


Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
OpenSIPS Bootcamp 5-16 Dec 2022, online
  https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/

On 11/2/22 8:15 PM, Richard Revels via Users wrote:
If I set a nonce password on a opensips 3.x proxy and the same one on 
opensips 2.x proxy it is expected behaviour that it still wont match 
if call starts on opensips 2, is challenged, then INVITE is sent to 
opensips 3 proxy?



BandwidthMaroon.png



Richard Revels•System Architect II

900 Main Campus Drive, Suite 100, Raleigh, NC 27606

m:919-578-3421 • o: 919-727-4614

e: rrev...@bandwidth.com 


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] nonce password

2022-11-02 Thread Richard Revels via Users 
If I set a nonce password on a opensips 3.x proxy and the same one on
opensips 2.x proxy it is expected behaviour that it still wont match if
call starts on opensips 2, is challenged, then INVITE is sent to opensips 3
proxy?



[image: BandwidthMaroon.png]



Richard Revels  •  System Architect II

900 Main Campus Drive, Suite 100, Raleigh, NC 27606



m: 919-578-3421  •  o: 919-727-4614

e: rrev...@bandwidth.com
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users