cisco / libsrtp

Library for SRTP (Secure Realtime Transport Protocol)

Cipher suite support #544

Closed pablo-gsm closed 3 years ago

pablo-gsm commented 3 years ago

Hello,

I would like to use the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite. Is this cipher suite supported by libsrtp? If YES, which cipher policy should I use for it?

Best regards, Pablo

paulej commented 3 years ago

TLS_xxx indicates something for TLS. SRTP does not use TLS. What you should look at are the SRTP crypto suites listed here: https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml. From my own experience, the most commonly used appear to be AES_CM_128_HMAC_SHA1_80 and AEAD_AES_128_GCM, both of which are supported. See the srtp.h file for helper function definitions that will populate the data structures. For example, https://github.com/cisco/libsrtp/blob/master/include/srtp.h#L723 and https://github.com/cisco/libsrtp/blob/master/include/srtp.h#L1115, respectively.

pablo-gsm commented 3 years ago

Thanks @paulej, I think TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is more related to the associated SIP negotiation.

paulej commented 3 years ago

SIP can use TLS for session establishment, but that's entirely unrelated to libsrtp.
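
As an added illustration (not code from libsrtp or from anyone in this thread), the following checks an SDP `a=crypto` attribute against the two SRTP crypto suites named above and rejects a TLS cipher suite name as unknown. The names `sdes_check` and `b64_decoded_len` are hypothetical, the sample key is constructed, and the key-plus-salt lengths are taken from RFC 4568 and RFC 7714.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { SDES_OK = 0, SDES_MALFORMED = -1, SDES_UNKNOWN_SUITE = -2, SDES_BAD_KEY_LEN = -3 };

/* Master key + master salt length in bytes per SDES crypto suite
 * (RFC 4568 for AES_CM_*, RFC 7714 for AEAD_AES_*_GCM). */
static const struct { const char *name; long key_salt_len; } SUITES[] = {
    { "AES_CM_128_HMAC_SHA1_80", 30 }, /* 16-byte key + 14-byte salt */
    { "AEAD_AES_128_GCM",        28 }, /* 16-byte key + 12-byte salt */
};

/* Decoded byte count of the base64 run at s, which must end at '|', ' ' or NUL.
 * Padding is optional here; returns -1 on an impossible length or stray byte. */
static long b64_decoded_len(const char *s)
{
    size_t n = 0, pad = 0;
    while (isalnum((unsigned char)s[n]) || s[n] == '+' || s[n] == '/')
        n++;
    while (s[n + pad] == '=')
        pad++;
    char end = s[n + pad];
    if (pad > 2 || n % 4 == 1 || (end != '\0' && end != '|' && end != ' '))
        return -1;
    return (long)(n * 3 / 4);
}

/* Check one "a=crypto:<tag> <suite> inline:<key||salt>[|params]" attribute. */
int sdes_check(const char *line)
{
    char suite[64];
    unsigned tag;
    int off = 0;
    if (sscanf(line, "a=crypto:%u %63s inline:%n", &tag, suite, &off) < 2 || off == 0)
        return SDES_MALFORMED;
    for (size_t i = 0; i < sizeof SUITES / sizeof SUITES[0]; i++)
        if (strcmp(suite, SUITES[i].name) == 0)
            return b64_decoded_len(line + off) == SUITES[i].key_salt_len
                       ? SDES_OK : SDES_BAD_KEY_LEN;
    return SDES_UNKNOWN_SUITE; /* e.g. a TLS_* name, which is not an SRTP suite */
}

int main(void)
{
    /* Constructed sample line; the key is bytes 0x00..0x1d, not a real key. */
    const char *l = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
                    "inline:AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd";
    printf("%d\n", sdes_check(l));
    return 0;
}
```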