sdes-profile
The sdes-profile configuration element lets you configure the parameter values offered or accepted during SDES negotiation.
Parameters
- name
- Sets the name of this object.
- crypto-list
- Sets the encryption and authentication algorithms accepted or offered by this sdes-profile.
- Default: AES_CM_128_HMAC_SHA1_80
- Values:
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
- AES_256_CM_HMAC_SHA1_80
- AEAD_AES_256_GCM
- srtp-auth
- UNUSED
- Default: enabled
- Values: enabled | disabled
- srtp-encrypt
- This parameter enables or disables the encryption of RTP packets. With encryption enabled, the default condition, the SBC offers RTP encryption, and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute. With encryption disabled, the SBC does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.
- Default: enabled
- Values: enabled | disabled
- srtcp-encrypt
- This parameter enables or disables the encryption of RTCP packets. With encryption enabled, the default condition, the SBC offers RTCP encryption, and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute. With encryption disabled, the SBC does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.
- Default: enabled
- Values: enabled | disabled
- mki
- This parameter enables or disables the inclusion of the MKI:length field in the SDP crypto attribute.
- Default: enabled
- Values:
- enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
- disabled – no MKI field is sent
- egress-offer-format
- Sets the manipulation, if any, that the SBC applies to the SDP offer.
- Default: same-as-ingress
- Values:
- same-as-ingress - the SBC leaves the profile of the media lines unchanged.
- simultaneous-best-effort - the SBC adds an RTP/SAVP media line for any media profile that has only the RTP/AVP media profile, and adds an RTP/AVP media line for any media profile that has only the RTP/SAVP media profile.
- rfc5939-compliant - the SBC attempts to initiate an RFC 5939 compliant SDP exchange, but falls back to RFC 3562 if the presented signaling does not establish end-to-end support.
- srtp-rekey-on-reinvite
- This parameter enables or disables re-keying upon receipt of a SIP reINVITE that contains SDP, for the SRTP Re-keying feature.
- Default: enabled
- Values: enabled | disabled
- use-ingress-session-params
- Enter the list of values for which the SBC will accept and (where applicable) mirror the UA’s proposed cryptographic session parameters:
- srtp-auth—Decides whether or not authentication is performed in SRTP
- srtp-encrypt—Decides whether or not encryption is performed in SRTP
- srtcp-encrypt—Decides whether or not encryption is performed in SRTCP
ORACLE(sdes-profile)# use-ingress-session-params "srtp-auth srtp-encrypt srtcp-encrypt"
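The srtp-encrypt and srtcp-encrypt acceptance rules described above, as an added example (not Oracle's code and not part of the original page): Python that parses an RFC 4568 a=crypto line from an SDP answer and reports why it would conflict with a profile. The function names, the sample lines and the placeholder key are constructed for illustration, and the check models only the behaviour stated on this page.

```python
import re

# RFC 4568: a=crypto:<tag> <suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_crypto(line):
    """Split one a=crypto line into tag, suite, MKI field and session params."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("not an SDES crypto attribute: %r" % line)
    tag, suite, key_params, session = m.groups()
    mki = None
    for kp in key_params.split(";"):
        method, _, info = kp.partition(":")
        if method != "inline":
            raise ValueError("unsupported key method: %r" % method)
        # inline:<key||salt>[|lifetime][|MKI:length]; only the MKI has a colon
        for field in info.split("|")[1:]:
            if ":" in field:
                mki = field
    return {"tag": int(tag), "suite": suite, "mki": mki,
            "session_params": set((session or "").split())}

def check_answer(line, crypto_list=("AES_CM_128_HMAC_SHA1_80",),
                 srtp_encrypt=True, srtcp_encrypt=True):
    """Return the reasons this answer conflicts with the modelled profile."""
    c = parse_crypto(line)
    problems = []
    if c["suite"] not in crypto_list:
        problems.append("suite not in crypto-list: " + c["suite"])
    # With encryption enabled, an UNENCRYPTED_* session parameter is rejected.
    if srtp_encrypt and "UNENCRYPTED_SRTP" in c["session_params"]:
        problems.append("UNENCRYPTED_SRTP while srtp-encrypt is enabled")
    if srtcp_encrypt and "UNENCRYPTED_SRTCP" in c["session_params"]:
        problems.append("UNENCRYPTED_SRTCP while srtcp-encrypt is enabled")
    return problems

# Constructed sample answers; the key is a placeholder, not real key material.
KEY = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNk"
GOOD = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + KEY + "|2^20|1:4"
WEAK = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + KEY
        + " UNENCRYPTED_SRTP UNENCRYPTED_SRTCP")

if __name__ == "__main__":
    for sample in (GOOD, WEAK):
        print(check_answer(sample) or "accepted")
```

Running the same check over SDP captured from signaling logs shows which peers answer with unencrypted media when the profile has srtp-encrypt or srtcp-encrypt disabled.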
Path
sdes-profile is a configuration element under the security > media-security path. The full path from the topmost ACLI prompt is: .