AES-256 was added via ASTERISK-26190. Please, note it’s description, especially the last sentence: ‘When you have to go for additional suites on egress, enable those via CFLAGS’. Consequently, as of today, you cannot enable/configure AES-256 at runtime. Instead, you have to re-configure your Asterisk and compile it again: make distclean CFLAGS='-DENABLE_SRTP_AES_256' ./configure make sudo make install
If that does not work (anymore), please, report here (and create an issue report). However, if you want to have this configured at runtime, this would be a Feature Request…
One more thing. After setting that CFLAG, AES-256 is offered on egress but is not the primary crypto suite. However, my copy of CounterPath Bria Mobile only chooses the first compatible crypto suite. Therefore, to actually use AES-256 with CounterPath, you have to change the order of the crypto suites in Asterisk: res/res_srtp.c:res_sdp_srtp_get_attr, array attr. The first entry { len, 0, 30 } (which is AES_CM_128) must be moved to the back of that array. After that, AES_256_CM is the primary crypto suite.
@tatuan both authentication bit strengths are accepted on ingress. For egress, you can control the auth strength for AES-256 via the parameter encryption_taglen (configuration file sip.conf for the SIP channel driver chan_sip) or srtp_tag_32 (configuration file pjsip.conf for the SIP channel driver chan_pjsip) too. Does this not work for you?
By the way, if you want to play around with the various possibilities (strengths, offers, orders, exclusions), I recommend Acrobits Groundwire. In that app, you can configure the crypto suites as you like.
Thanks Traud for reply, I am using my phone support AES-256, then Asterisk says that it is not supported. 1 more thing, When I use AES_128, my phone can work with asterisk AES_128_CM_HMAC_SHA1_80 only, when I use AES_128_CM_HMAC_SHA1_32, the call is dropped and phone is re-registered. I am using freepbx 14+ asterisk 15
Because I do not use FreePBX, I cannot help you with that. Perhaps somebody else comes by who knows that. Until then, I recommend to re-ask that question in the FreePBX Community. There, do not forget to mention which phone you use exactly. And whether that applies to ingress or egress calls. If you are using a softphone, do not forget to mention the platform and versions, you are using. That way, somebody is able to reproduce your issue. When you create that description of your issue, envision someone who has not installed/used FreePBX before; and then simply state whatever you did (installed/configured). Finally, when you created that post/thread, link it here so these threads are connected.