4.2 Client Requires Encryption but Peer Does Not Allow It
Alice sends Bob an INVITE for an audio/video call requesting encryption by including an a=encryption:required attribute and the SDP k= field with a suitable key.
Because Bob does not allow encryption, he rejects the INVITE with a "488 Encryption Levels not compatible" response.
Alice sends an ACK. The call is not established.
Figure 2: Alice requires encryption
An example of SDP signaling in the INVITE that is sent across the wire is as follows.
-
v=0 o=- 0 0 IN IP4 11.22.33.44 s=session c=IN IP4 11.22.33.44 b=CT:1000 t=0 0 m=audio 5050 RTP/AVP 97 111 112 6 0 8 4 5 3 101 k=base64: Y6UN8SAFnqNTI61uN+1II3dqRk0spxbtqfuv5EYSYSM a=rtpmap:97 red/8000 a=rtpmap:111 SIREN/16000 a=fmtp:111 bitrate=16000 a=rtpmap:112 G7221/16000 a=fmtp:112 bitrate=24000 a=rtpmap:6 DVI4/16000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:4 G723/8000 a=rtpmap:5 DVI4/8000 a=rtpmap:3 GSM/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=encryption:required m=video 5036 RTP/AVP 34 31 k=base64: Y6UN8SAFnqNTI61uN+1II3dqRk0spxbtqfuv5EYSYSM a=rtpmap:34 H263/90000 a=rtpmap:31 H261/90000 a=encryption:required
An example of the SIP error response is as follows.
-
SIP/2.0 488 Encryption Levels not compatible Via: SIP/2.0/TCP 11.22.33.44:4934 From: "Alice" <sip:alice@contoso.com>;tag=b8c543e1-ffb3-4b5a-880c-4d78f37643bb To: <sip:bob@contoso.com>;tag=27221d0e-26d4-410f-9363-6ad3337cf152 Call-ID: 01a465dd-dafd-461d-a6ef-99c2c7df0e27@11.22.33.44 CSeq: 2 INVITE Warning: 308 ms.com "Encryption Levels not compatible" Content-Length: 0