[SR-Users] sending INVTE with Digest values
Vasiliy Ganchev
vasiliy.ganchev at wildix.com
Fri Jul 24 08:22:40 CEST 2015
Al S wrote
> I am registering my client to kamailio successfully.
> client --> Register --> kamailio
> client <-- 401 with nonce value <-- kamailio
> client --> Register with nonce and md5 response values --> kamailio
> client <-- 200ok <-- kamailio
> However, when the client sends an invite with the same digest values,
> kamailio sends a 407 request for another challenge:
> client --> Invite with the same nonce and md5 response values --> kamailio
> client <-- 407 <-- kamailio
> I am thinking the same digest values from register could be used for
> making calls.
> Thanks, Al
Hi!
Kamailio behaves according to the RFC on this point.
Without this, if you use e.g. UDP as a transport, the SIP exchange can be
eavesdropped, and a man-in-the-middle can get the nonce from the response and
use it for INVITE - and as a result get unauthorised access.
This is why Kamailio asks for new authorisation in the 407 (with a new nonce).
Cheers
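The following is an added example, not part of the original thread and not Kamailio code. It computes the RFC 2617 digest response (no qop) and runs the exchange from the question against a hypothetical verifier, showing why the REGISTER credentials fail on INVITE. The one-time-nonce policy of `ToyServer`, the realm, user, password and URIs are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # binds the response to method and URI
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class ToyServer:
    """Hypothetical verifier with one-time nonces (an assumption, not Kamailio code)."""
    def __init__(self, realm, users):
        self.realm, self.users, self.live = realm, users, set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live.add(nonce)
        return nonce  # would be carried in the 401/407

    def verify(self, method, uri, creds):
        if creds["nonce"] not in self.live:
            return False  # unknown or already used nonce: challenge again
        self.live.discard(creds["nonce"])
        password = self.users.get(creds["username"])
        if password is None or creds["uri"] != uri:
            return False
        expected = digest_response(creds["username"], self.realm, password,
                                   method, uri, creds["nonce"])
        return hmac.compare_digest(expected, creds["response"])

def make_creds(user, realm, password, method, uri, nonce):
    return {"username": user, "uri": uri, "nonce": nonce,
            "response": digest_response(user, realm, password, method, uri, nonce)}

def demo():
    # Constructed sample values
    realm, user, pw = "example.invalid", "alice", "s3cret"
    reg_uri, inv_uri = "sip:example.invalid", "sip:bob@example.invalid"
    srv = ToyServer(realm, {user: pw})
    reg = make_creds(user, realm, pw, "REGISTER", reg_uri, srv.challenge())
    register_ok = srv.verify("REGISTER", reg_uri, reg)
    # Same nonce and response replayed on an INVITE, as in the question
    replay_ok = srv.verify("INVITE", inv_uri, dict(reg, uri=inv_uri))
    inv = make_creds(user, realm, pw, "INVITE", inv_uri, srv.challenge())
    fresh_ok = srv.verify("INVITE", inv_uri, inv)
    return register_ok, replay_ok, fresh_ok
```

Independently of the nonce policy, the response value itself differs between REGISTER and INVITE for the same nonce, because the method and request URI are hashed into HA2.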