[pjsip] SRTP

Benny Prijono bennylp at pjsip.org
Fri Feb 1 04:05:58 EST 2008

Hi Michael,

On 1/31/08, Michael Bradley Jr <mbradley.jr at gmail.com> wrote:
> Hi,
> i'm using the latest svn version of pjsua to communicate between two parties.
> I've set SRTP as mandatory for the media transport with the following parameters:
>   --use-srtp 2 --srtp-secure 0
> Everything is fine but Wireshark keep telling me
> "SRTP Payload with NULL encryption".
> Is that correct?
> Here is the snippet of the Offer SDP
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VLDONbsbGl2Puqy+0PV7w/uGfpSPKFevDpxGsxN3
> a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:lp5JGr/jKVzCzLyORdEMJjUPszZmioZ3zubVizTX
> and here is the encryption part of the Answer SDP
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:y71cYd6MyNqA9ywtm0rS2KBRDByG6/7vuQnyeL8T
> So my question, did pjsua used NULL encryption or AES_CM_128_HMAC_SHA1_80 as
> suggested in the Answer-SDP?

I don't know how Wireshark can find out the cipher from RTP packets
(AFAIK you'd have to see the SDP negotiation), but I think it's wrong.
The RTP packets should be encrypted, and you can verify this by saving
the (G711) payload to a file and see the contents.

What Wireshark version are you using? Mine doesn't seem to even know about SRTP.

> Another question, when the caller uses (--use-srtp 1) and the callee has
> (--use-srtp 2) the call is always unencrypted. Is there a way to change that
> behavior in pjsua?

Somehow it did not happen here (I'm using r1761). The call is rejected
with 406/Not Acceptable.


> Thanks in advance for any help
> Michael

More information about the pjsip mailing list