SRTP DTLS with AES GCM 128 --> no SRTP Stream

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

I am using a setup with PjProject 2.9 and OpenSSL 1.0.2h. I have the following config_site.h file. I use the LinPhone to test my own device and to establish a call. My device does never establish a call by himself. A normal call and a call with SRTP works fine but a call with DTLS doesn’t work. ­When the two lines with AES_GCM are removed from the config also the DTLS call works.

 

I saw in the wireshark trace that the hello client message that is send from my device with pjproject has no “use_srtp” extension. It stops with the “heartbeat” extension. When AES_GCM is removed the “use_srtp” extension exists. Is this a problem with the usage of openssl1.0.2h or is there any error in the configuration?! Does somebody knows this behavior?

 

In the makefile is use –with-ssl so that the installation of openssl is checked.­­

 

 

config_site.h

#define PJ_SSL_SOCK_IMP                              PJ_SSL_SOCK_IMP_OPENSSL

#define PJ_HAS_SSL_SOCK                      1

#define PJMEDIA_HAS_SRTP                     1

#define PJMEDIA_SRTP_HAS_SDES                1

#define PJMEDIA_SRTP_HAS_DTLS                1

 

#define PJMEDIA_SRTP_HAS_AES_CM_256          1

#define PJMEDIA_SRTP_HAS_AES_CM_128          1

#define PJMEDIA_SRTP_HAS_AES_GCM_256         1

#define PJMEDIA_SRTP_HAS_AES_GCM_128         1

 

PJ Logs:

2019-12-11 14:32:57.095170: [debug] dtls0x74213f40 !Failed to get SRTP material: No matching SRTP crypto-suite after DTLS nego (PJMEDIA_SRTP_DTLS_ENOCRYPTO)

2019-12-11 14:32:57.095349: [debug]  pjsua_media.c  Call 0: Media 0: SRTP negotiation completes: No matching SRTP crypto-suite after DTLS nego (PJMEDIA_SRTP_DTLS_ENOCRYPTO)

 

Configure:

checking for OpenSSL installations..

pjproject-2.9-r2 do_configure: checking openssl/ssl.h usability...

pjproject-2.9-r2 do_configure: yes

checking openssl/ssl.h presence...

pjproject-2.9-r2 do_configure: yes

checking for openssl/ssl.h...

pjproject-2.9-r2 do_configure: yes

checking for ERR_load_BIO_strings in -lcrypto...

pjproject-2.9-r2 do_configure: yes

checking for SSL_CTX_new in -lssl...

pjproject-2.9-r2 do_configure: yes

pjproject-2.9-r2 do_configure: OpenSSL library found, SSL support enabled

pjproject-2.9-r2 do_configure: checking for EVP_aes_128_gcm in -lcrypto...

pjproject-2.9-r2 do_configure: yes

pjproject-2.9-r2 do_configure: OpenSSL has AES GCM support, SRTP will use OpenSSL

pjproject-2.9-r2 do_configure: Checking if OpenCORE AMR support is disabled... yes

 

Best regards

Harald

 

_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux