Summary: ASTERISK-17488: no native bridging when more than one crypto offer in SRTP
Reporter: Gerson Sampaio (gersonsm)
Labels:
Date Opened: 2011-02-28 11:57:42.000-0600
Date Closed: 2011-02-28 14:34:49.000-0600
Versions:
Frequency of
Environment:
Attachments: ( 0) asterisk.log
Description: When using phones (i.e. Yealink T22p) that send more than one crypto offer, Asterisk does not establish native bridging between the phones anymore, meaning that the Asterisk server stays in the media path and all the traffic flows from phone A to Asterisk and from Asterisk further on to phone B. When using a softphone (Phonerlite) I can use SRTP with no issue.


crypto offer from t22p:
o=- 20002 20002 IN IP4
s=SDP data
c=IN IP4
t=0 0
m=audio 11784 RTP/SAVP 0 8 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:N2Y1MjAyNmIzMDEyZTBhODRjMTE3NGYxN2QyMDA4
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:N2YyZGJkZjQyYWJlMDlhNzcxNTA4NTE2NTBkNzA3
a=crypto:3 F8_128_HMAC_SHA1_80 inline:N2JmYTZkOGMxZDc4NmI5MDcwYWQ0OWEANWRmMGQx
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=fmtp:101 0-15
a=rtpmap:101 telephone-event/8000
Comments:

By: Gerson Sampaio (gersonsm) 2011-02-28 13:54:56.000-0600

The same problem appears with the Polycom IP-650 phone.

By: Terry Wilson (twilson) 2011-02-28 14:34:49.000-0600

This isn't a problem, it is just how things work. Phone A calls Asterisk and sets up an encrypted session. Asterisk calls Phone B and sets up an encrypted session. It is not possible for the phones to send the media directly because they wouldn't be able to decrypt.

Asterisk is not a SIP proxy. It doesn't direct the phones to negotiate encryption between each other. It can behave in no other way.
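
Added example, not part of the issue thread and not Asterisk code: a simplified Python model of SDES (RFC 4568) keying on two independent call legs, showing why each leg ends up with keys the other phone never sees. The function names, the `two_leg_keys` model and the sample offer are assumptions constructed for illustration; the random keys stand in for what a real PBX and phone B would generate.

```python
import base64
import secrets

# Master key (16) + salt (14) bytes for the suites defined in RFC 4568.
SUITE_KEY_BYTES = dict.fromkeys(
    ("AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32", "F8_128_HMAC_SHA1_80"), 30)

def parse_crypto(sdp):
    """Return [(tag, suite, key)] for each well-formed a=crypto line."""
    offers = []
    for line in sdp.splitlines():
        fields = line.strip().split()
        if len(fields) < 3 or not fields[0].startswith("a=crypto:"):
            continue
        tag, suite = fields[0][len("a=crypto:"):], fields[1]
        method, _, key_info = fields[2].partition(":")
        if not tag.isdigit() or method != "inline" or suite not in SUITE_KEY_BYTES:
            continue
        try:  # drop the optional |lifetime|MKI suffix before decoding
            key = base64.b64decode(key_info.split("|")[0], validate=True)
        except ValueError:
            continue
        if len(key) == SUITE_KEY_BYTES[suite]:
            offers.append((int(tag), suite, key))
    return offers

def answer(offers, preferred):
    """Answerer: pick one offered suite, echo its tag, supply a fresh local key."""
    for suite in preferred:
        for tag, offered, _ in offers:
            if offered == suite:
                return tag, suite, secrets.token_bytes(SUITE_KEY_BYTES[suite])
    return None

def two_leg_keys(offer_from_a, preferred):
    """Hypothetical model of a back-to-back user agent with SRTP on both legs."""
    offers = parse_crypto(offer_from_a)
    picked = answer(offers, preferred)
    if picked is None:
        return None
    tag, suite, pbx_to_a = picked
    a_to_pbx = next(key for t, _, key in offers if t == tag)
    # Leg B is a separate offer/answer; random bytes stand in for both of its keys.
    leg_b = {name: secrets.token_bytes(len(pbx_to_a)) for name in ("pbx_to_b", "b_to_pbx")}
    return {"suite": suite, "leg_a": {"a_to_pbx": a_to_pbx, "pbx_to_a": pbx_to_a}, "leg_b": leg_b}

# Constructed sample offer with three crypto lines, like the T22P offer above.
SAMPLE_OFFER = "\n".join(
    f"a=crypto:{i} {suite} inline:{base64.b64encode(bytes([i]) * 30).decode()}"
    for i, suite in enumerate(SUITE_KEY_BYTES, start=1))
```

Multiple `a=crypto` lines only give the answerer a choice of suite on that one leg; the keys in `leg_a` and `leg_b` never overlap, so media sent directly between the phones could not be decrypted.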