Al S wrote > I am registering my client to kamailo successfully. > client --> Register --> kamailioclient <-- 401 with nonce value <-- > kamailioclient --> Register with nonce and md5 response values --> > kamailioclient <-- 200ok <-- kamailio > However, when the client sends an invite with the same digest values, > kamailio sends a 407 request for another challenge: > client --> Invite with the same nonce and md5 response values --> > kamailioclient <-- 407 <-- kamailio > I am thinking the same digest values from register could be used for > making calls. > Thanks,Al > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@.sip-router > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users Hi! Kamailio behave according to RFC in this point. Without this, if, you use e.g. UDP as a transport, the sip exchange can be eavesdropped, and man-in-a-middle get nonce from response and use it for INVITE - as a result get unauthorised access. This is why Kamailio ask new authorisation in 407 (with new nonce) Cheers -- View this message in context: http://sip-router.1086192.n5.nabble.com/sending-INVTE-with-Digest-values-tp139891p139892.html Sent from the Users mailing list archive at Nabble.com. _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
