Symptom

CUBE enforce incorrect srtp key in 200OK during early dialog UPDATE, resulting call establishment failure. Call flow: CUCM > srtp > CUBE > rtp > ITSP 1. CUCM sends INVITE to CUBE with only crypto AES_CM_128_HMAC_SHA1_32 2. CUBE replies 183 with same crypto suit (PRACK is enabled) 3. CUCM sends early dialog UPDATE with SDP and 4x crypto lines: AEAD_AES_256_GCM AEAD_AES_128_GCM AES_CM_128_HMAC_SHA1_80 AES_CM_128_HMAC_SHA1_32 4. CUBE forwards 200OK response with new selected AEAD_AES_256_GCM suite, but the key length is small in SDP - 40 characters which is not sufficient. 5. CUCM cancel call attempt with rc=47

Conditions

Workaround

Avoid using GCM ciphers, apply below globally or on desired dial-peer with srtp capability: ! voice class srtp-crypto 1 crypto 1 AES_CM_128_HMAC_SHA1_32 crypto 2 AES_CM_128_HMAC_SHA1_80 !

Further Problem Description