Opened 5 years ago

Closed 5 years ago

#1856 closed enhancement (fixed)

Offer only current active crypto on re-INVITE

Reported by: nanang Owned by: nanang
Priority: normal Milestone: release-2.4.5
Component: pjmedia Version: trunk
Keywords: sipit31 Cc:
Backport to 1.x milestone: Backported: no

Description

On re-INVITE (e.g: lock codec, ICE update, session refresh), SRTP sends all crypto-suites instead of just the currently active. In the Sipit31 tests, this seems to be just fine (the same current active cryptos were used on both sides, no RTP protect/unprotect error), but this is perhaps risky, e.g: remote may mistakenly see it as SRTP session restart, thus remote will reset its SRTP states (so RTP seq calculation became out of sync, etc). So sending the current active crypto should be safer.

Change History (1)

comment:1 Changed 5 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5103:

Close #1856: Offer only current active crypto on re-INVITE.

Note: See TracTickets for help on using tickets.