Comments (9)
Yeah, that's weird. What you're expecting is exactly how I designed it to work. If TLS is enabled as transport, SRTP is mandatory. It is mandatory in both directions and last time I checked, it worked like this, also for incoming calls.
Can I see the full debug log from Telephone? Just to make sure we didn't miss anything. And to have a full picture from the app's perspective. You can send it to the support email address from the website.
from telephone.
To generate a debug log, you can start Telephone from the command line like this:
/Applications/Telephone.app/Contents/MacOS/Telephone -LogLevel 6 -ConsoleLogLevel 6
It will write both to the standard output and to the Telephone.log file that you can reveal via the Help menu. Note that the log file is incomplete until you quit the app.
from telephone.
Thanks for the quick response. I've just sent an email to support containing a Nextcloud link to access the logs.
from telephone.
Thanks. I see that Asterisk is sending AVP
and not SAVP
in the INVITE
.
m=audio 10090 RTP/AVP 8 9 107 0 101
So the behavior when Telephone rejects this because SRTP is mandatory is the expected behavior.
What about the media_encryption setting in Asterisk? Maybe setting it to sdes
would be the same thing that Telephone has internally as PJMEDIA_SRTP_MANDATORY
?
from telephone.
I suspect that Asterisk's media_encryption_optimistic
is PJSIP's PJMEDIA_SRTP_OPTIONAL
.
from telephone.
Yes, I've just realised the behaviour is the opposite to what I stated in my original post!
As you say, with media_encryption_optimistic = no
Asterisk is sending:
m=audio 10126 RTP/SAVP 8 9 107 0 101
and with media_encryption_optimistic = yes
, it sends:
m=audio 10008 RTP/AVP 8 9 107 0 101
This seems completely counter intuitive to me based on the Asterisk documentation. In any case, it's not a Telephone issue but an Asterisk issue.
Please accept my apologies for wasting your time!
Edit: I got the no/yes lines the wrong way round (again!)
from telephone.
I think it stems from the PJSIP behavior and yes, it is confusing. And Asterisk even made two separate settings from this which probably doesn't make it easier. It seems like the proper combination for what we want is:
media_encryption
enabled (sdes
)
media_encryption_optimistic
disabled, meaning it's mandatory
from telephone.
Yes, it looks like you're correct:
/* If an optimistic offer has been made but encryption is not enabled consider it as having
* no offer of crypto at all instead of invalid so the session proceeds.
*/
if (optimistic) {
return AST_SIP_MEDIA_ENCRYPT_NONE;
}
So by enabling this option I've explicitly made all my communications less secure 🤦
Closing this now, again thanks for your help and apologies for wasting your time.
from telephone.
No worries, it's good that it came up now, I'll be more prepared in the future.
from telephone.
Related Issues (20)
- Immutable character set passed to mutable function HOT 2
- Wrong Data HOT 2
- Telephone crashes with "Use DNS SRV" HOT 7
- TLS assumes SRTP HOT 3
- Choose Account when dialing from AddressBook or Service HOT 1
- Focus (Do Not Disturb)
- Year 2022
- LibreSSL 3.1.5
- Apple Silicon Support HOT 1
- Play ringtone on different speakers HOT 3
- Close widget/window after transfer completed
- Export of Settings HOT 2
- Automatic registration for hosts without DNS A record
- Hash (#) in tel: URLs
- Allowing access to control Mac causes bluetooth disconnects HOT 2
- "Could not start SIP user agent." error in Version 1.6 HOT 1
- documentation to use sdk HOT 1
- TLS 1.3
- Misleading "Call Failed" message when no microphone is available
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from telephone.