4.2 Client Requires Encryption but Peer Does Not Allow It

Alice sends Bob an INVITE for an audio/video call requesting encryption by including an a=encryption:required attribute and the SDP k= field with a suitable key.

  • Because Bob does not allow encryption, he rejects the INVITE with a "488 Encryption Levels not compatible" response.

  • Alice sends an ACK. The call is not established.

Alice requires encryption

Figure 2: Alice requires encryption

An example of SDP signaling in the INVITE that is sent across the wire is as follows.

 o=- 0 0 IN IP4
 c=IN IP4
 t=0 0
 m=audio 5050 RTP/AVP 97 111 112 6 0 8 4 5 3 101
 k=base64: Y6UN8SAFnqNTI61uN+1II3dqRk0spxbtqfuv5EYSYSM
 a=rtpmap:97 red/8000
 a=rtpmap:111 SIREN/16000
 a=fmtp:111 bitrate=16000
 a=rtpmap:112 G7221/16000
 a=fmtp:112 bitrate=24000
 a=rtpmap:6 DVI4/16000
 a=rtpmap:0 PCMU/8000
 a=rtpmap:8 PCMA/8000
 a=rtpmap:4 G723/8000
 a=rtpmap:5 DVI4/8000
 a=rtpmap:3 GSM/8000
 a=rtpmap:101 telephone-event/8000
 a=fmtp:101 0-16
 m=video 5036 RTP/AVP 34 31
 k=base64: Y6UN8SAFnqNTI61uN+1II3dqRk0spxbtqfuv5EYSYSM
 a=rtpmap:34 H263/90000
 a=rtpmap:31 H261/90000

An example of the SIP error response is as follows.

    SIP/2.0 488 Encryption Levels not compatible
 Via: SIP/2.0/TCP
 From: "Alice" <sip:alice@contoso.com>;tag=b8c543e1-ffb3-4b5a-880c-4d78f37643bb
 To: <sip:bob@contoso.com>;tag=27221d0e-26d4-410f-9363-6ad3337cf152
 Call-ID: 01a465dd-dafd-461d-a6ef-99c2c7df0e27@
 Warning: 308 ms.com "Encryption Levels not compatible"
 Content-Length: 0