Asterisk 11 SRTP: Unsupported Crypto Parameters: UNENCRYPTED_SRTCP
Hi All,
I have Asterisk 11 talking to Avaya over SIP trunk using TLS and SRTP. On incoming calls from Avaya asterisk complains of ‘unsupported crypto parameters: UNENCRYPTED_SRTCP’ and rejects the call with ‘488 Not acceptable here’
Doesn’t Asterisk support UNENCRYPTED_SRTCP as crypto parameters in sdp?
FYI SDP looks like this.
v=0
o=- 1429194215 1 IN IP4 XX.XX.XX.XX
s=-
c=IN IP4 XX.XX.XX.XX
b=TIAS:64000
t=0 0
a=avf:avc=n prio=n a=csup:avf-v0
m=audio 50096 RTP/SAVP 0 18 120
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no a=rtpmap:120 telephone-event/8000
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP
And on CLI I see,
DEBUG[1568][C-00000000] sip/sdp_crypto.c: local_key64
7vXot5kn/sl/GYv5ENN6yW0PZZapQ00c++biLgoX len 40
WARNING[1568][C-00000000] sip/sdp_crypto.c: Unsupported crypto parameters:
UNENCRYPTED_SRTCP
DEBUG[1568][C-00000000] chan_sip.c: Processing media-level (audio) SDP
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:zUVSWsFB/WjVtLxXojBT7zbNvuQ4BkOwcCkD/AjM|2^20 UNENCRYPTED_SRTCP… UNSUPPORTED OR FAILED. WARNING[1568][C-00000000] chan_sip.c: Rejecting secure audio stream without encryption details: audio 50096 RTP/SAVP 0 18 120
VERBOSE[1568][C-00000000] chan_sip.c:
<--- Reliably Transmitting (NAT) to XX.XX.XX.XX:5061 --->
SIP/2.0 488 Not acceptable here
Thanking in advance for any inputs.
–Satish
One thought on - Asterisk 11 SRTP: Unsupported Crypto Parameters: UNENCRYPTED_SRTCP
Asterisk is complaining because placing an “UNENCRYPTED_SRTCP” after the lifetime parameter in a crypto attribute is part of RFC 4568
(Security Descriptions for Media Streams), which Asterisk does not support.
You will need to see if the Avaya system can be configured to not send the attribute.