sdes-profile
The sdes-profile configuration element lets you configure the parameter values offered or accepted during SDES negotiation.
Parameters
- name
- Sets the name of this object.
- crypto-list
- Sets the the encryption and authentication algorithms accepted
or offered by this sdes-profile
- Default: AES_CM_128_HMAC_SHA1_80
- Values:
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
- AES_256_CM_HMAC_SHA1_80
- AEAD_AES_256_GCM
- srtp-auth
- UNUSED
- Default: enabled
- Values: enabled | disabled
- srtp-encrypt
-
This parameter enables or disables the encryption of RTP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTP encryption, and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute.
With encryption disabled, the Oracle Communications Session Border Controller does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.- Default: enabled
- Values: enabled | disabled
- srtcp-encrypt
-
This parameter enables or disables the encryption of RTCP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTCP encryption, and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute.
With encryption disabled, the Oracle Communications Session Border Controller does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.- Default: enabled
- Values: enabled | disabled
- mki
-
This parameter enables or disables the inclusion of the MKI:length field in the SDP crypto attribute.
- Default: enabled
- Values:
- enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
- disabled – no MKI field is sent
- egress-offer-format
- Sets any manipulation on SDP offer.
- Default: same-as-ingress
- Values:
- same-as-ingress - the Oracle Communications Session Border Controller leaves the profile of the media lines unchanged.
- simultaneous-best-effort - the Oracle Communications Session Border Controller Adds an RTP/SAVP media line for any media profile that has only the RTP/AVP media profile, and Adds an RTP/AVP media line for any media profile that has only the RTP/SAVP media profile
- srtp-rekey-on-reinvite
-
This parameter enables or disables the re-keying upon the receipt of a SIP reINIVTE that contains SDP for the STRP Re-keying feature.
- Default: enabled
- Values: enabled | disabled
- use-ingress-session-params
- Enter the list of values for which the Oracle Communications Session Border Controller will accept and (where
applicable) mirror the UA’s proposed cryptographic session parameters:
- srtp-auth—Decides whether or not authentication is performed in SRTP
- srtp-encrypt—Decides whether or not encryption is performed in SRTP
- srtcp-encrypt—Decides whether or not encryption is performed in SRTCP
ORACLE(sdes-profile)# use-ingress-session-params “srtp-auth srtp-encrypt srtcp-encrypt"
Path
sdes-profile is a configuration element under the security > media-security path. The full path from the topmost ACLI prompt is: .