linphone-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-users] zrtp-hash is missing in SDP

From: Johan Pascal
Subject: Re: [Linphone-users] zrtp-hash is missing in SDP
Date: Tue, 20 Oct 2015 10:09:04 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
Hi,
thanks for the logs, it's much more clear now. Two things:

- I think there is a bug in bzrtp offer/answer on auth tag algorithm selection, I have to dig more on this. I'll update you on this.

- Anyway, your freeswitch server is configured to act as a man-in-the-middle, which may be seen as unsecure by your users(this allow your server to get access to plain packets exchanges) and moreover, this option (which implies a SAS relay), is not supported by linphone/bzrtp and will then result in different SAS being displayed at your endpoints.

I suggest you set your freeswitch server to pass through the ZRTP packets:
https://wiki.freeswitch.org/wiki/ZRTP#ZRTP_passthru

johan

On 19/10/15 16:31, Saurabh Kumar Verma wrote:
Hi Johan, 

Please find the attached logs.
linphone_1012: Debug log for endpoint1
linphone_1008: Debug log for endpoint2
zrtp_linphine.pcap: sniff on server side

Test Setup:

1012 ----> FreeSWITCH Server ----> 1008


On Thu, Oct 15, 2015 at 6:10 PM, Johan Pascal <address@hidden> wrote:
Hi,
can you post your complete linphone client log(enable debug trace in linphone). Do you have the media encryption set to ZRTP? I cannot see any ZRTP hello packets sent from linphone. Can you get the network trace from the linphone client?

johan


On 15/10/15 14:08, Saurabh Kumar Verma wrote:
Thanks Johan,

I tried with the same way but no luck.
Attached here the server side sniff (using FreeSWITCH as SIP server). 

On Wed, Oct 14, 2015 at 7:01 PM, Johan Pascal <address@hidden> wrote:
Hi,
zrtp-hash in SDP is not implemented in linphone as it is an optional feature. Check in your network settings->media encryption to see if ZRTP is there. If yes, select it and it shall work.(when it works, and the other peer has ZRTP enabled too, it will prompt you to confirm the SAS).

johan


On 14/10/15 15:21, Saurabh Kumar Verma wrote:
Hi All, 

I'm trying to secure RTP in Linphone using ZRTP. For that I compiled the linphone with enable zrtp option (configure --enable-zrtp). The compilation is fine but as I initiate the call, I'm not seeing zrtp-hash parameter in SDP. I tried with TLS and UDP.
Also any other way to confirm whether ZRTP is configured in my linphone.?

--

Thanks:

Saurabh Kumar Verma

VVDN Technologies Pvt Ltd

Cell : +91 7042378747 | Skype : saurabh.verma001


_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users


_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users




--

Thanks:

Saurabh Kumar Verma

VVDN Technologies Pvt Ltd

Cell : +91 7042378747 | Skype : saurabh.verma001


_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users


_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users




--

Thanks:

Saurabh Kumar Verma

VVDN Technologies Pvt Ltd

Cell : +91 7042378747 | Skype : saurabh.verma001


_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users

reply via email to
[Prev in Thread] Current Thread [Next in Thread]