No subject
Thu Feb 26 09:39:55 CET 2009
www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any
other authenticated package should be rejected. But the usual examples
of kamailio.cfg show that the message is rejected only if
www_authenticate reply is < 0. So how exactly is the safe way to use
it?
2009/4/8 Henning Westerholt <henning.westerholt at 1und1.de>:
> On Wednesday 08 April 2009, catalina oancea wrote:
>> Does anybody know in which situation the NONCE_REUSED return code for
>> www_authenticate would appear? I understand the usage of the
>> STALE_NONCE code, this is when the nonce expires and the servers sends
>> a new nonce to the phone. But why is the NONCE_REUSED used and why
>> does it occur sometimes? Should I reject or accept the registration
>> when this code appears?
>>
>> =A0 =A0 NONCE_REUSED =A0 =A0 =A0 =A0/* Returned if nonce is used more th=
an once */
>
> Hi Catalina,
>
> this is related to a security enhancement that was added about half a yea=
r or
> so. Take a look at the announcement of this functionality for more
> informations: http://lists.kamailio.org/pipermail/users/2008-June/017696.=
html
>
> Cheers,
>
> Henning
>
More information about the Users
mailing list