[Kamailio-Users] NONCE_REUSED return code
catalina oancea
catalina.oancea at gmail.com
Wed Apr 8 13:34:40 CEST 2009
Hi Henning, thanks for your answer
>From whant I understand, nonce shouldn't be used twice at all, so if
www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any
other authenticated package should be rejected. But the usual examples
of kamailio.cfg show that the message is rejected only if
www_authenticate reply is < 0. So how exactly is the safe way to use
it?
2009/4/8 Henning Westerholt <henning.westerholt at 1und1.de>:
> On Wednesday 08 April 2009, catalina oancea wrote:
>> Does anybody know in which situation the NONCE_REUSED return code for
>> www_authenticate would appear? I understand the usage of the
>> STALE_NONCE code, this is when the nonce expires and the servers sends
>> a new nonce to the phone. But why is the NONCE_REUSED used and why
>> does it occur sometimes? Should I reject or accept the registration
>> when this code appears?
>>
>> NONCE_REUSED /* Returned if nonce is used more than once */
>
> Hi Catalina,
>
> this is related to a security enhancement that was added about half a year or
> so. Take a look at the announcement of this functionality for more
> informations: http://lists.kamailio.org/pipermail/users/2008-June/017696.html
>
> Cheers,
>
> Henning
>
More information about the sr-users
mailing list