/mcp
Confidential-Access-Level: 4;mode=variable;ref=4,rmode=variable;EXTERNAL

418 Incompatible CAL message: When an AS-SIP signaling appliance (i.e., LSC or SS) in the signaling path between parties receives an initial INVITE with a CAL header that the AS-SIP signaling appliance cannot successfully resolve against the locally configured value of the next hop routing domain, CAL Header Processing, then the AS-SIP signaling appliance responds with a 418 Incompatible CAL.

CAL causes additional headers to be included in INVITE messages. Some SIP entities may not support it, so the SIP profile provides parameters to control the inclusion of the CAL header. The parameter ‘Confidential Access Level Headers’ in the SIP profile takes three values: ‘Disabled’, ‘Preferred’, and ‘Required’. These options do the following:

• Disabled—would not send any CAL headers.
• Preferred—would include the CAL header in INVITE message and put the "confidential-access-level" tag in a Supported header.
• Required—would include the CAL header in INVITE message and put the "confidential-access-level" tag in Require and Proxy-Require headers.

The CAL header is populated in INVITE, 180 Ringing, 200 OK, and UPDATE messages.

AES 256 GCM Support for SRTP and TLS

With release 10.5(2), AES 256 Galois/Counter Mode crypto cipher suite support has been added for both SRTP and TLS.

AES 256 GCM Support for SRTP

Cisco Unified Communications Manager now supports the following SRTP crypto cipher suites:

• AEAD_AES_256_GCM (32-byte key)
• AEAD_AES_128_GCM (16-byte key)

When a SIP line advertises one of the two GCM crypto cipher suites, Cisco Unified Communications Manager can negotiate these ciphers based on the cipher preference set by the SIP Line endpoint and the existing cipher negotiation rules. In the event of a tie, Cisco Unified Communications Manager gives preference to the GCM cipher over a SHA1 cipher because of its higher security.
In addition, a new enterprise parameter, SRTP Ciphers, has been added to determine which crypto cipher suites Cisco Unified Communications Manager allows endpoints to use for SRTP. By default, Cisco Unified Communications Manager allows all ciphers, including AES 256 GCM and AES 128 GCM, to be used. However, you can reconfigure the SRTP Ciphers enterprise parameter so that Cisco Unified Communications Manager accepts only an AES 128 SHA cipher and rejects attempts to use either the AES 256 GCM or AES 128 GCM cipher.

Following is the sample crypto attribute line that gets appended for each media line in the SDP message:

a=crypto:1 AEAD_AES_256_GCM inline:iZLP7bds308s27xmZZ7fMwycIO2FRhnnk/Br1Q/d1zYNd30YIIF9FkGUn3c=
a=crypto:2 AEAD_AES_128_GCM inline:sExqh5iE+ILVuHiQVTuKoDrHCFVWjdv9EXnMcQ==

SIP Line Messaging Guide (Standard Edition) for Cisco Unified Communications Manager
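The following is an added example, not code from the guide or from Cisco Unified Communications Manager: it audits the a=crypto lines of an SDP offer against an allow-list that models the SRTP Ciphers policy, and checks that each inline value decodes to the key-plus-salt length its suite requires. The function name, the verdict strings, the m= line and the third crypto line are assumptions made for illustration; the salt lengths come from RFC 7714 and RFC 4568, and the AES_CM suite names are assumed to correspond to the "AES 128 SHA" cipher mentioned above.

```python
import base64
import re

# Suite -> (master key bytes, master salt bytes). GCM sizes are from RFC 7714,
# AES_CM sizes from RFC 4568 (assumed to be the page's "AES 128 SHA" cipher).
SUITES = {
    "AEAD_AES_256_GCM": (32, 12),
    "AEAD_AES_128_GCM": (16, 12),
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
}
SHA_ONLY = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

def audit_offer(sdp_lines, allowed):
    """Return [(tag, suite, verdict)] for every a=crypto line in an SDP body."""
    findings = []
    for line in sdp_lines:
        line = line.strip()
        if not line.startswith("a=crypto:"):
            continue
        m = CRYPTO_RE.match(line)
        if not m:
            findings.append((None, None, "malformed"))
            continue
        tag, suite = int(m.group(1)), m.group(2)
        try:
            material = base64.b64decode(m.group(3), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((tag, suite, "malformed"))
            continue
        if suite not in SUITES:
            verdict = "unknown suite"
        elif len(material) != sum(SUITES[suite]):
            verdict = "bad key length"  # inline value is not key + salt bytes
        elif suite not in allowed:
            verdict = "rejected by policy"
        else:
            verdict = "ok"
        findings.append((tag, suite, verdict))
    return findings

# Crypto lines 1 and 2 are the guide's sample; the m= line and crypto line 3
# (28 bytes of key material labelled as the 256-bit suite) are constructed.
OFFER = [
    "m=audio 16384 RTP/SAVP 0",
    "a=crypto:1 AEAD_AES_256_GCM inline:iZLP7bds308s27xmZZ7fMwycIO2FRhnnk/Br1Q/d1zYNd30YIIF9FkGUn3c=",
    "a=crypto:2 AEAD_AES_128_GCM inline:sExqh5iE+ILVuHiQVTuKoDrHCFVWjdv9EXnMcQ==",
    "a=crypto:3 AEAD_AES_256_GCM inline:sExqh5iE+ILVuHiQVTuKoDrHCFVWjdv9EXnMcQ==",
]

if __name__ == "__main__":
    for policy in (set(SUITES), SHA_ONLY):
        print(audit_offer(OFFER, policy))
```

The length check runs before the policy check, so a mislabelled key is reported as such even when its suite is also disallowed.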