[SR-Users] Reject tls invites without a=crypto sdp
Karsten Horsmann
khorsmann at gmail.com
Sat Dec 14 12:11:36 CET 2019
Hi David,
That's looks good. It's a bit to greedy cos I translate SRTP from internet
to RTP to inside.
Maybe an AND with
If proto==TLS would be an good idea.
Cheers.
Karsten
David Villasmil <david.villasmil.work at gmail.com> schrieb am Sa., 14. Dez.
2019, 11:35:
> Well, you could simply use
>
>
> if ( has_body("application/sdp") ) {
> if ( !search_body("a=crypto") ) {
> ... reject here ...
> }
> }
>
> though there's probably a better way...
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
>
> On Sat, Dec 14, 2019 at 8:20 AM Karsten Horsmann <khorsmann at gmail.com>
> wrote:
>
>> Hi,
>>
>> I use Kamailio 5.3.1 with rtpengine to offer an siptrunk endpoint for my
>> customers.
>>
>> I observe that someone of them use tls to encrypt signaling but forgotten
>> to encrypt rtp.
>>
>> I want to reject this invites.
>>
>> Are there any hints how to do this?
>>
>> Thought about reading the sdp and search for a=crypto line and if not
>> send reply with (what code ever will be good for that).
>>
>> Cheers
>> Karsten
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191214/e58e6bf2/attachment.html>
More information about the sr-users
mailing list