Hi Henning, thanks for your answer.

From what I understand, nonce shouldn't be used twice at all, so if www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any other authenticated package should be rejected. But the usual examples of kamailio.cfg show that the message is rejected only if www_authenticate reply is < 0. So how exactly is the safe way to use it?

2009/4/8 Henning Westerholt <henning.westerholt(a)1und1.de>:
On Wednesday 08 April 2009, catalina oancea wrote:

Does anybody know in which situation the NONCE_REUSED return code for www_authenticate would appear? I understand the usage of the STALE_NONCE code, this is when the nonce expires and the server sends a new nonce to the phone. But why is the NONCE_REUSED used and why does it occur sometimes? Should I reject or accept the registration when this code appears?

NONCE_REUSED /* Returned if nonce is used more than once */

Hi Catalina,

this is related to a security enhancement that was added about half a year or so ago. Take a look at the announcement of this functionality for more information:

http://lists.kamailio.org/pipermail/users/2008-June/017696.html

Cheers,

Henning
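
The difference between an expired nonce and a replayed one, as an added example that is not part of the original thread and is not Kamailio's implementation: a generic one-time nonce tracker for digest authentication. The class and method names, the OK and INVALID results, the nonce layout and the 30-second lifetime are assumptions made for illustration; only the names STALE_NONCE and NONCE_REUSED come from the thread.

```python
import hashlib
import hmac
import os
from enum import Enum


class NonceResult(Enum):
    OK = "ok"                      # authentic, unexpired, first use
    INVALID = "invalid"            # malformed or not issued by this server
    STALE_NONCE = "stale"          # authentic but expired: challenge again
    NONCE_REUSED = "reused"        # authentic, unexpired, already consumed


class NonceTracker:
    """Hypothetical one-time nonce tracker (illustrative only)."""

    def __init__(self, secret: bytes, lifetime: int = 30):
        self.secret = secret
        self.lifetime = lifetime   # assumed validity window, in seconds
        self.seen = {}             # consumed nonce -> issue time

    def _mac(self, ts: int, rand: str) -> str:
        msg = f"{ts}:{rand}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:32]

    def issue(self, now: float) -> str:
        ts, rand = int(now), os.urandom(8).hex()
        return f"{ts}:{rand}:{self._mac(ts, rand)}"

    def check(self, nonce: str, now: float) -> NonceResult:
        parts = nonce.split(":")
        try:
            ts, rand, mac = int(parts[0]), parts[1], parts[2]
        except (ValueError, IndexError):
            return NonceResult.INVALID
        if len(parts) != 3 or not hmac.compare_digest(
                mac.encode(), self._mac(ts, rand).encode()):
            return NonceResult.INVALID
        # Drop consumed nonces that have expired, so memory stays bounded.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.lifetime}
        if now - ts > self.lifetime:
            return NonceResult.STALE_NONCE
        if nonce in self.seen:
            return NonceResult.NONCE_REUSED   # replay of a consumed nonce
        self.seen[nonce] = ts
        return NonceResult.OK
```
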