Force SRTP in 200 OK SDP after INVITE w/no SDP

I am supposed to interoperate over a SIP trunk, where the other end
sends INVITEs with no SDP, but he expects my (183 and) 200 will
have the SRTP bits in the SDP or the call is rejected.

When my side sends the INVITE it sends w/ SDP that contains the
SRTP bits and all is well, so I think I have SRTP config’d correctly.

Is this a bug, or is there a setting in sip.conf that I have overlooked?

Ideas? Thanks,

The only setting for turning on the SRTP bits is setting the encryption=yes option for the SIP peer you want to enable encryption for.

yes, I’ve got that set, and when I send the INVITE, or when I receive
an INVITE with a=crypto line in the SDP, it’s all good.

So, I guess I’ll file a report on the issue tracker.[1]



The handling for invite without SDP is somewhat flawed in Asterisk, particularly for re-invite’s. E.g. see

Ah, yes, thanks for that pointer.
I too am seeing my problem because of a Cisco device
sending INVITE with no SDP, so it is definitely related.
And I may be seeing the same hold issue.
So if I have anything to contribute to that discussion, I
know where to go.

I have opened another, closely related issue,

Currently, there is no configuration parameter to specify which
crypto suite should be sent in an SRTP offer.