Optimistic SRTP is the ability to enable SRTP but not have it be
a fatal requirement. If SRTP can be used it will be, if not it won't be.
This gives you a better chance of using it without having your sessions
fail when it can't be.
Encrypt all the things!
Review: https://reviewboard.asterisk.org/r/3992/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@428222 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Testing has shown repeatedly that PJSIP's default behavior of switching
automatically to TCP for large messages can cause issues. The most common
issues are that devices that we are communicating with do not handle the
switch to TCP gracefully, thus causing situations such as broken calls or
broken subscriptions. Now, in order to have this behavior happen, you must
opt into it. The sample file has been updated to warn that enabling the
TCP switch behavior may cause issues for you, so use at your own risk.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@427334 65c4cc65-6c06-0410-ace0-fbb531ad65f3
When a packet exceeds the MTU, pjproject will switch from UDP to TCP. In
some circumstances (on some networks), this can cause some issues with
messages not getting sent to the correct destination - and can also cause
connections to get dropped due to quirks in pjproject deciding to
terminate TCP connections with no messages.
While fixing the routing/messaging issues is important, having a
configuration option in Asterisk that tells pjproject to not switch over
to TCP would be useful. That way, if some glitch is discovered on some
other network/site, we can at least disable the behavior until a fix is
put into place.
AFS-197 #close
Review: https://reviewboard.asterisk.org/r/4137/
........
Merged revisions 427129 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@427130 65c4cc65-6c06-0410-ace0-fbb531ad65f3
A question arose as to whether a .pem file
could be provided in place of the .crt and
.key files in a PJSIP TLS configuration. I
tested this and discovered that although a
cert will be read from the pem file, a key
will not, and thus the priv_key_file entry
is still required. This update to the fine
documentation clarifies the option usage.
AST-1448 #close
Review: https://reviewboard.asterisk.org/r/4129/
Reported by: John Bigelow
........
Merged revisions 426928 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@426930 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Improvements to the res_pjsip transport cipher option.
* Made the cipher option accept a comma separated list of OpenSSL cipher
names. Users of realtime will be glad if they have more than one name to
list.
* Added the CLI command 'pjsip list ciphers' so a user can know what
OpenSSL names are available for the cipher option.
* Updated the cipher option online XML documentation to specify what is
expected for the value.
* Updated pjsip.conf.sample to not indicate that ALL is acceptable since
ALL does not imply a preference order for the ciphers and PJSIP does not
simply pass the string to OpenSSL for interpretation.
ASTERISK-24199 #close
Reported by: Joshua Colp
Review: https://reviewboard.asterisk.org/r/4018/
........
Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@424394 65c4cc65-6c06-0410-ace0-fbb531ad65f3
During the latest update to DTLS-SRTP support the ability to configure
the hash used for fingerprints was added. This gave us two supported ones:
SHA-1 and SHA-256. The default was accordingly updated to SHA-256.
Unfortunately this configuration ability was not exposed within res_pjsip.
This change adds a dtls_fingerprint option that controls it.
#SIPit31
........
Merged revisions 424290 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@424291 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This updates the code behind PJSIP configuration options with custom
handlers to deal with the assigned default values properly where it
makes sense and adjusting the default value where it doesn't. Before
applying this patch, there were several cases where the default value
for an option would prevent that config section from loading properly.
Reported by: Thomas Thompson
Review: https://reviewboard.asterisk.org/r/4019/
........
Merged revisions 424263 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@424266 65c4cc65-6c06-0410-ace0-fbb531ad65f3
On review /r/3977, it was recommended to note in the
sample configuration about the size limitation for
resource lists. However, since there was no section in
the sample configuration at all for resource list
subscriptions, I decided to make a separate commit
where I have added the necessary sample configuration
as well as the size limitation warning.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@422853 65c4cc65-6c06-0410-ace0-fbb531ad65f3
