Summary: ASTERISK-12562: New config parameter to enforce encryption
Reporter: Stefan Gofferje (sgofferj)
Labels:
Date Opened: 2008-08-11 12:02:34
Date Closed: 2009-02-12 15:34:09.000-0600
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Channels/chan_iax2
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description: Currently, Asterisk does not indicate in any way if an IAX connection is really encrypted. Even the (E) in iax2 show peers only indicates the configured capability.
In sensitive environments it is imperative to know if a call is actually encrypted.

Therefore I'd like to suggest a new directive per peer for iax.conf:
forceencryption=(yes|no)
The directive will cause a call not to be set up (=fail) unless both sides agree on encryption.

Comments:

By: Leif Madsen (lmadsen) 2008-08-11 13:38:02

I do agree with the suggestion, however features need to be filed with code.

I will leave this bug open for a few days to see if anyone would like to pick this up and make the change since it appears that it should be fairly straightforward.

By: Russell Bryant (russell) 2008-09-09 07:20:37

blitzrage is right in that we usually do not leave feature requests without patches open on the bug tracker.  However, I fully agree with this one.  If nobody else does, I would be happy to implement it.

By: Leif Madsen (lmadsen) 2008-12-09 08:01:23.000-0600

Ask and ye shall receive!

By: Russell Bryant (russell) 2009-01-26 22:25:58.000-0600

dvossel,

I've had this on my list for a while now but have not had a chance to work on it.  I think it would be a good feature for you to work on.

There are actually a few things related to this that we should consider.

First, we need an option to force all calls to a specific IAX2 peer to be encrypted.  That will satisfy the feature request posted here.

While we're on the topic, we should also look at adding a way to be able to detect from the dialplan whether the incoming call is encrypted or not.

Terry Wilson has been working on some somewhat related code for SRTP.  We should talk to him to see what configuration directives he has in that branch.  If he has implemented some dialplan parts, we should try to make the IAX2 version as similar as possible for consistency.

By: Digium Subversion (svnbot) 2009-02-12 15:27:14.000-0600

Repository: asterisk
Revision: 175344

U   trunk/CHANGES
U   trunk/channels/chan_iax2.c
U   trunk/configs/iax.conf.sample

------------------------------------------------------------------------
r175344 | dvossel | 2009-02-12 15:27:14 -0600 (Thu, 12 Feb 2009) | 10 lines

Adds force encryption option to iax.conf

This patch adds forceencryption=yes as an iax.conf option.  When force encryption is enabled, no unencrypted connections are allowed.  This ensures all connections are encrypted.  This is a new feature, so CHANGES and iax.conf.sample are updated as well.

(closes issue ASTERISK-12562)
Reported by: sgofferj
Tested by: russell
Review: http://reviewboard.digium.com/r/150/


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=175344
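
Added example, not part of the ticket or the Asterisk source: a small audit of an iax.conf that reports, per peer, whether encryption is enforced with forceencryption=yes, only enabled (so a call can still be set up in cleartext), or off. The sample file, the peer names and the assumption that peers inherit [general] values are constructed for illustration; a peer with forceencryption=yes is treated as enforced whatever its encryption= value.

```python
import re
# Constructed sample iax.conf (not from the ticket).
SAMPLE = """\
[general]
encryption=yes

[branch-a]        ; encrypted, and cleartext fallback refused
type=friend
forceencryption=yes

[branch-b]        ; inherits encryption=yes, but nothing enforces it
type=friend

[legacy-gw]       ; encryption switched off for this peer
type=peer
encryption=no
"""

TRUTHY = {"yes", "true", "y", "t", "on", "1"}
ENC_ON = TRUTHY | {"aes128"}   # encryption= also accepts a method name

def parse_sections(text):
    """Return {section: {key: value}} for an Asterisk-style config."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # also handles 'key => value'
            current[key.strip().lower()] = value.lstrip(">").strip().lower()
    return sections

def classify(opts):
    if opts.get("forceencryption", "no") in TRUTHY:
        return "enforced"        # unencrypted call setup is refused
    if opts.get("encryption", "no") in ENC_ON:
        return "opportunistic"   # configured capability only
    return "cleartext"

def audit(text):
    """Map each peer section to 'enforced', 'opportunistic' or 'cleartext'."""
    sections = parse_sections(text)
    defaults = sections.pop("general", {})   # assumption: peers inherit these
    return {name: classify({**defaults, **opts}) for name, opts in sections.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Template sections of the form [name](template) are not resolved; such a peer is classified from its own keys and [general] only.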

By: Digium Subversion (svnbot) 2009-02-12 15:33:15.000-0600

Repository: asterisk
Revision: 175366

_U  branches/1.6.0/

------------------------------------------------------------------------
r175366 | dvossel | 2009-02-12 15:33:15 -0600 (Thu, 12 Feb 2009) | 15 lines

Blocked revisions 175344 via svnmerge


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=175366

By: Digium Subversion (svnbot) 2009-02-12 15:34:08.000-0600

Repository: asterisk
Revision: 175367

_U  branches/1.6.1/

------------------------------------------------------------------------
r175367 | dvossel | 2009-02-12 15:34:07 -0600 (Thu, 12 Feb 2009) | 15 lines

Blocked revisions 175344 via svnmerge


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=175367

By: Eugene (varnav) 2014-07-17 13:19:57.670-0500

It could be better, instead of adding a new parameter, to use the old one:

encryption=yes|no|force

Sorry for necroposting.