Symptom
CUBE enforce incorrect srtp key in 200OK during early dialog UPDATE, resulting call establishment failure.
Call flow:
CUCM > srtp > CUBE > rtp > ITSP
1. CUCM sends INVITE to CUBE with only crypto AES_CM_128_HMAC_SHA1_32
2. CUBE replies 183 with same crypto suit (PRACK is enabled)
3. CUCM sends early dialog UPDATE with SDP and 4x crypto lines:
AEAD_AES_256_GCM
AEAD_AES_128_GCM
AES_CM_128_HMAC_SHA1_80
AES_CM_128_HMAC_SHA1_32
4. CUBE forwards 200OK response with new selected AEAD_AES_256_GCM suite, but the key length is small in SDP - 40 characters which is not sufficient.
5. CUCM cancel call attempt with rc=47
Workaround
Avoid using GCM ciphers, apply below globally or on desired dial-peer with srtp capability:
!
voice class srtp-crypto 1
crypto 1 AES_CM_128_HMAC_SHA1_32
crypto 2 AES_CM_128_HMAC_SHA1_80
!
