sdes-profile

The sdes-profile configuration element lets you configure the parameter values offered or accepted during SDES negotiation.

Parameters

name

Sets the name of this object.

crypto-list

Sets the the encryption and authentication algorithms accepted or offered by this sdes-profile

Default: AES_CM_128_HMAC_SHA1_80
Values:
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
- AES_256_CM_HMAC_SHA1_80
- AEAD_AES_256_GCM

srtp-auth

UNUSED

Default: enabled
Values: enabled | disabled

srtp-encrypt

This parameter enables or disables the encryption of RTP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTP encryption, and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute.

With encryption disabled, the Oracle Communications Session Border Controller does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.

Default: enabled
Values: enabled | disabled

srtcp-encrypt

This parameter enables or disables the encryption of RTCP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTCP encryption, and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute.

With encryption disabled, the Oracle Communications Session Border Controller does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.

Default: enabled
Values: enabled | disabled

mki

This parameter enables or disables the inclusion of the MKI:length field in the SDP crypto attribute.

Default: enabled
Values:
- enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
- disabled – no MKI field is sent

egress-offer-format

Sets any manipulation on SDP offer.

Default: same-as-ingress
Values:
- same-as-ingress - the Oracle Communications Session Border Controller leaves the profile of the media lines unchanged.
- simultaneous-best-effort - the Oracle Communications Session Border Controller Adds an RTP/SAVP media line for any media profile that has only the RTP/AVP media profile, and Adds an RTP/AVP media line for any media profile that has only the RTP/SAVP media profile

srtp-rekey-on-reinvite

This parameter enables or disables the re-keying upon the receipt of a SIP reINIVTE that contains SDP for the STRP Re-keying feature.

Default: enabled
Values: enabled | disabled

use-ingress-session-params

Enter the list of values for which the Oracle Communications Session Border Controller will accept and (where applicable) mirror the UA’s proposed cryptographic session parameters:

srtp-auth—Decides whether or not authentication is performed in SRTP
srtp-encrypt—Decides whether or not encryption is performed in SRTP
srtcp-encrypt—Decides whether or not encryption is performed in SRTCP

ORACLE(sdes-profile)# use-ingress-session-params “srtp-auth srtp-encrypt
srtcp-encrypt"

Path

sdes-profile is a configuration element under the security > media-security path. The full path from the topmost ACLI prompt is: configure terminal, and then security, and then media-security, and then sdes-profile.