sdes-profile
The sdes-profile configuration element lets you configure the parameter values offered or accepted during SDES negotiation.
Parameters
- name
- Sets the name of this object.
- crypto-list
- Sets the encryption and authentication algorithms accepted or offered by this sdes-profile.
- Default: AES_CM_128_HMAC_SHA1_80
- Values:
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
- AES_256_CM_HMAC_SHA1_80
- AEAD_AES_256_GCM
- srtp-auth
- UNUSED
- Default: enabled
- Values: enabled | disabled
- srtp-encrypt
- This parameter enables or disables the encryption of RTP packets. With encryption enabled (the default), the SBC offers RTP encryption and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute.
With encryption disabled, the SBC does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.
- Default: enabled
- Values: enabled | disabled
- srtcp-encrypt
- This parameter enables or disables the encryption of RTCP packets. With encryption enabled (the default), the SBC offers RTCP encryption and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute.
With encryption disabled, the SBC does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.
- Default: enabled
- Values: enabled | disabled
- mki
- This parameter enables or disables the inclusion of the MKI:length field in the SDP crypto attribute.
- Default: disabled
- Values:
- enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
- disabled – no MKI field is sent
- egress-offer-format
- Sets the manipulation, if any, applied to the SDP offer.
- Default: same-as-ingress
- Values:
- same-as-ingress - the SBC leaves the profile of the media lines unchanged.
- simultaneous-best-effort - the SBC adds an RTP/SAVP media line for any media profile that has only the RTP/AVP media profile, and adds an RTP/AVP media line for any media profile that has only the RTP/SAVP media profile.
- rfc5939-compliant - the SBC attempts to initiate an RFC 5939 compliant SDP exchange, but falls back to RFC 3562 if the presented signaling does not establish end-to-end support.
- srtp-rekey-on-reinvite
- This parameter enables or disables re-keying upon receipt of a SIP reINVITE that contains SDP, for the SRTP Re-keying feature.
- Default: enabled
- Values: enabled | disabled
- use-ingress-session-params
- Enter the list of values for which the SBC will accept and (where applicable) mirror the UA’s proposed cryptographic session parameters. To enter multiple values, put them in the same command line entry separated by commas, for example srtcp-encrypt,srtp-auth,srtp-encrypt. You can also enter the values within double quotes, for example "srtcp-encrypt,srtp-auth,srtp-encrypt", or within parentheses, for example (srtcp-encrypt,srtp-auth,srtp-encrypt). You cannot use spaces as separators.
- srtp-auth—Decides whether or not authentication is performed in SRTP
- srtp-encrypt—Decides whether or not encryption is performed in SRTP
- srtcp-encrypt—Decides whether or not encryption is performed in SRTCP
ORACLE(sdes-profile)# use-ingress-session-params (srtcp-encrypt,srtp-auth,srtp-encrypt)
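The acceptance rules described for crypto-list, srtp-encrypt and srtcp-encrypt can be checked against a captured SDP answer. The following is an added example, not Oracle or SBC code; the SdesProfile class, the function names and the sample line are assumptions constructed for illustration, and the a=crypto layout follows RFC 4568.

```python
import re
from dataclasses import dataclass

@dataclass
class SdesProfile:
    """Hypothetical model of the sdes-profile parameters; defaults as documented."""
    crypto_list: tuple = ("AES_CM_128_HMAC_SHA1_80",)
    srtp_encrypt: bool = True
    srtcp_encrypt: bool = True

# a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]  (RFC 4568)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) +(\S+) +(\S+)(?: +(.*))?$")

def parse_crypto(line):
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("not an a=crypto attribute: %r" % line)
    tag, suite, key_params, session = m.groups()
    # First key only: inline:<key||salt>[|lifetime][|MKI:length]
    method, _, key_info = key_params.split(";")[0].partition(":")
    extras = key_info.split("|")[1:]
    return {"tag": int(tag), "suite": suite, "method": method,
            "mki": next((f for f in extras if ":" in f), None),
            "session_params": set((session or "").split())}

def offer_session_params(profile):
    """Session parameters added to an offer when encryption is disabled."""
    return [p for p, on in (("UNENCRYPTED_SRTP", profile.srtp_encrypt),
                            ("UNENCRYPTED_SRTCP", profile.srtcp_encrypt)) if not on]

def check_answer(profile, line):
    """Return the reasons an answer's crypto attribute is rejected (empty = accepted)."""
    c = parse_crypto(line)
    reasons = []
    if c["suite"] not in profile.crypto_list:
        reasons.append("suite %s not in crypto-list" % c["suite"])
    if profile.srtp_encrypt and "UNENCRYPTED_SRTP" in c["session_params"]:
        reasons.append("UNENCRYPTED_SRTP with srtp-encrypt enabled")
    if profile.srtcp_encrypt and "UNENCRYPTED_SRTCP" in c["session_params"]:
        reasons.append("UNENCRYPTED_SRTCP with srtcp-encrypt enabled")
    return reasons

# Constructed sample answer line (key material is a placeholder, not a real key).
SAMPLE = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
          "inline:PLACEHOLDERKEYANDSALTBASE64xxxxxxxxxxxxx|2^20|1:4 UNENCRYPTED_SRTP")
```

With the default profile, check_answer(SdesProfile(), SAMPLE) reports the UNENCRYPTED_SRTP rejection; the same line is accepted once srtp_encrypt is set to False.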
Path
sdes-profile is a configuration element under the security > media-security path. The full path from the topmost ACLI prompt is: .