|Summary:||ASTERISK-16743: SRTP does not work if used togather with TLS|
|Date Opened:||2010-09-28 05:11:01||Date Closed:||2011-06-07 14:00:52|
|Environment:||Attachments:||( 0) asterisklog.txt|
( 1) asterisklogREPLICATED.txt
( 2) extensions.conf
( 3) pcap_trace_asterisk.pcap
( 4) pcap_trace_asteriskREPLICATED.pcap
( 5) sip.conf
|Description:||I am testing snom phones with asterisk 1.8. I configured SRTP and managed to make it work. But as soon as I configured TLS as well, SRTP stopped working. Once I removed TLS, SRTP works again.|
****** ADDITIONAL INFORMATION ******
asterisk18:/usr/src# svn info asterisk-1.8/
Repository Root: http://svn.asterisk.org/svn/asterisk
Repository UUID: f38db490-d61c-443f-a65b-d21fe96a405b
Node Kind: directory
Last Changed Author: tilghman
Last Changed Rev: 288640
Last Changed Date: 2010-09-23 23:42:37 -0400 (Thu, 23 Sep 2010)
|Comments:||By: Catalina (snomtest) 2010-09-28 05:22:53|
Please ignore the following attachments:
The correct logs are:
By: Leif Madsen (lmadsen) 2010-09-28 11:00:52
If you stopped using SRTP were you able to make TLS work?
By: Catalina (snomtest) 2010-09-29 02:56:36
Yes. TLS works anyway. The problem is that I cannot get both TLS and SRTP to work at the same time.
TLS without SRTP - works fine
SRTP without TLS - works fine
SRTP + TLS - only TLS works. SRTP is also negociated correctly but during tha call the trace shows only RTP packets an no SRTP packets
By: Catalina (snomtest) 2010-09-29 03:50:29
I am afraid the source of my problem was Wireshark: during my tests, I used Wireshark to view the PCAP traces. Since the SIP packets were TLS, my Wireshark did not correctly decode them and misinterpreted the SRTP packets as being RTP. But actually the packets were always SRTP. I managed to get my Wireshark to decode everything correctly and my tests are now successfull.
I can confirm now that asterisk 1.8 works with TLS+SRTP on snom phones
By: Catalina (snomtest) 2010-09-29 03:51:02
Can I close this bug or will you close it?
By: Leif Madsen (lmadsen) 2010-10-04 12:32:51
Thanks for the follow up! Closing the issue.