1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. sdes-profile

sdes-profile

The sdes-profile configuration element lets you configure the parameter values offered or accepted during SDES negotiation.

Parameters

name
Sets the name of this object.
crypto-list
Sets the the encryption and authentication algorithms accepted or offered by this sdes-profile
  • Default: AES_CM_128_HMAC_SHA1_80
  • Values: AES_CM_128_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_32
srtp-auth
UNUSED
  • Default: enabled
  • Values: enabled | disabled
srtp-encrypt

This parameter enables or disables the encryption of RTP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTP encryption, and rejects an answer that contains an UNENCRYPTED_SRTP session parameter in the crypto attribute.

With encryption disabled, the Oracle Communications Session Border Controller does not offer RTP encryption and includes an UNENCRYPTED_SRTP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTP session parameter.
  • Default: enabled
  • Values: enabled | disabled
srtcp-encrypt

This parameter enables or disables the encryption of RTCP packets. With encryption enabled, the default condition, the Oracle Communications Session Border Controller offers RTCP encryption, and rejects an answer that contains an UNENCRYPTED_SRTCP session parameter in the crypto attribute.

With encryption disabled, the Oracle Communications Session Border Controller does not offer RTCP encryption and includes an UNENCRYPTED_SRTCP session parameter in the SDP crypto attribute; it accepts an answer that contains an UNENCRYPTED_SRTCP session parameter.
  • Default: enabled
  • Values: enabled | disabled
mki
This parameter enables or disables the inclusion of the MKI:length field in the SDP crypto attribute.
  • Default: enabled
  • Values:
    • enabled – an MKI field is sent within the crypto attribute (16 bytes maximum)
    • disabled – no MKI field is sent
egress-offer-format
Sets any manipulation on SDP offer.
  • Default: same-as-ingress
  • Values:
    • same-as-ingress - the Oracle Communications Session Border Controller leaves the profile of the media lines unchanged.
    • simultaneous-best-effort - the Oracle Communications Session Border Controller Adds an RTP/SAVP media line for any media profile that has only the RTP/AVP media profile, and Adds an RTP/AVP media line for any media profile that has only the RTP/SAVP media profile
srtp-rekey-on-reinvite

This parameter enables or disables the re-keying upon the receipt of a SIP reINIVTE that contains SDP for the STRP Re-keying feature.

  • Default: enabled
  • Values: enabled | disabled
use-ingress-session-params
Enter the list of values for which the Oracle Communications Session Border Controller will accept and (where applicable) mirror the UA’s proposed cryptographic session parameters:
  • srtp-auth—Decides whether or not authentication is performed in SRTP
  • srtp-encrypt—Decides whether or not encryption is performed in SRTP
  • srtcp-encrypt—Decides whether or not encryption is performed in SRTCP 
ORACLE(sdes-profile)# use-ingress-session-params “srtp-auth srtp-encrypt
srtcp-encrypt"

Path

sdes-profileis a configuration element under the security > media-security path. The full path from the topmost ACLI prompt is: configure terminal, and then security, and then media-security, and then sdes-profile.