Disable SRTP?

[Sjoerd Boomstra]

Hi,

I'm struggling with rtpengine in combination with SIPREC.

The Invite is handled by drachtio, and a javascript application is called on invite. This application communicates with rtpengine via the API, using the offer/answer/delete commands.

The SBC we're connected to wants to send one rtp stream encrypted and the other unencrypted;

Without extra configuration, rtpengine returns a SDP header for 2 encrypted streams (both streams have a audio RTP/SAVP line, the first stream contains 12 a=crypto lines; the second stream has only one crypto line (crypto:1 AES_CM_128_HMAC_SHA1_80 inline:...)

We've tried to disable SRTP altogether, by adding the DTLS=disable and SDES=disable parameters to the offer command. This does not give me the expected result;

Both streams get the audio RTP/SAVP line and one of the streams has also one a=crypto line.

Is there another option to for Rtpengine to not allow encrypted streams?

Best regards,

Sjoerd Boomstra,

Telecats.

[Richard Fuchs]

On 08/07/2024 03.35, Sjoerd Boomstra wrote:
> We've tried to disable SRTP altogether, by adding the DTLS=disable and
> SDES=disable parameters to the offer command. This does not give me
> the expected result;
> Both streams get the audio RTP/SAVP line and one of the streams has
> also one a=crypto line.
>
> Is there another option to for Rtpengine to not allow encrypted streams?

Yes, the correct way is to set the transport protocol to plain RTP:
`transport-protocol=RTP/AVP`

Cheers

[Sjoerd Boomstra]

Hi Richard,

Thanks for the hint, this does the trick. I guess the DTLS and SDES options are not needed?

Best regards,

Sjoerd.

Op maandag 8 juli 2024 om 14:23:47 UTC+2 schreef rfuchs:

[Richard Fuchs]

On 08/07/2024 09.41, Sjoerd Boomstra wrote:
> Hi Richard,
>
> Thanks for the hint, this does the trick. I guess the DTLS and SDES
> options are not needed?

Right, those are only needed for an SRTP offer, to control whether you
want SDES or DTLS or both.

Cheers