Asterisk 22 trying to activate :aes_256

Asterisk Asterisk SIP
1

been trying lately to enable aes_256 that turned to not being enabled by default: unsupported crypto suite error.
so i tried this:

** If you want to enable one of those defines, please, go for**
**			 * CFLAGS='-DENABLE_SRTP_AES_GCM' ./configure && sudo make install**
**			 */**
				{ len, 0, 30 },
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
				{ AST_SRTP_CRYPTO_TAG_16, 0, AES_128_GCM_KEYSIZE_WSALT },
#endif
#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
				{ len, AST_SRTP_CRYPTO_AES_256, 46 },
#endif
#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
				{ AST_SRTP_CRYPTO_TAG_16, AST_SRTP_CRYPTO_AES_256, AES_256_GCM_KEYSIZE_WSALT },
#endif
#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
				{ len, AST_SRTP_CRYPTO_AES_192, 38 },
#endif

i reconfigured my asterisk with this cflag and then tried to make the call, but it is still not accepted, probably the message of unsupported crypto suite has vanished but i realized that sdp is not accepting my aes_256 from the endpoints.

1 Like
2

(post deleted by author)

3

update, aes 256 is already enabled by default and no need to raise the cflag for it, yet whenever i try to make a call using aes_cm_256_hmac_sha1_80, the asterisk server will refuse the call and send me:
error: res_pjsip_session.c:946 handle_incoming_sdp: :couldn’t negotiate stream 0:audio-0:audio:sendrecv (nothing).

asterisk will only accept if the callee offered a crypto suite that is aes_cm_128_hmac_sha1_80, otherwise it will act as if it does not support aes_256_cm…

how could i submit this as an issue to be followed by astersik community?

4

Issues are filed on Github[1]. You will need to provide details on what exactly you’ve done, the configuration, along with a SIP trace.

[1] GitHub · Where software is built

1 Like
5

thank you, i submitted a ticket.