Sip dtls-srtp call hangup after 480 sec of audio

Hi,

i’m having an issue with srtp where the call is drop exactly at 480sec with the message:

2024-01-03 16:06:49.821531 97.93% [WARNING] switch_rtp.c:3331 audio Handshake failure 1. This may happen when you use legacy DTLS v1.0 (legacyDTLS channel var is set) but endpoint requires DTLS v1.2.
2024-01-03 16:06:49.821531 97.93% [INFO] switch_rtp.c:3332 Changing audio DTLS state from HANDSHAKE to FAIL
...
2024-01-03 16:06:49.841530 97.93% [NOTICE] switch_rtp.c:3313 Hangup sofia/192.40.20.13_tls/sip:123456789@9.125.98.25:5061 [CS_EXCHANGE_MEDIA] [DESTINATION_OUT_OF_ORDER]

The DTLS negotiation is done correctly and i can have 8min of audio both ways:

2024-01-03 15:58:46.701492 98.70% [INFO] switch_core_media.c:8483 RE-SETTING audio DTLS
2024-01-03 15:58:46.701492 98.70% [INFO] switch_rtp.c:3854 Activate RTP audio DTLS server
2024-01-03 15:58:46.701492 98.70% [INFO] switch_rtp.c:4042 Changing audio DTLS state from OFF to HANDSHAKE
...
2024-01-03 15:58:46.841492 98.70% [INFO] switch_rtp.c:3338 Changing audio DTLS state from HANDSHAKE to SETUP
2024-01-03 15:58:46.841492 98.70% [INFO] switch_rtp.c:3245 audio Fingerprint Verified.
2024-01-03 15:58:46.841492 98.70% [INFO] switch_rtp.c:4366 Activating audio Secure RTP SEND
2024-01-03 15:58:46.841492 98.70% [INFO] switch_rtp.c:4344 Activating audio Secure RTP RECV
2024-01-03 15:58:46.841492 98.70% [INFO] switch_rtp.c:3287 Changing audio DTLS state from SETUP to READY

In the re-invite i have also SRTP keys in the SDP, so i try to disable DTLS using the channel variable, webrtc_enable_dtls=false, and i could solve my issue, the call is established for more than 8min.

I also try to use the variable rtp_use_dtls=false, but no success, i think this variable is only use to force DTLS when FS initiates the call using rtp_use_dtls=true, it doesn’t make FS reply without dtls.

RE-INVITE SDP:

v=0
o=sems 1794200300 1186867159 IN IP4 9.125.98.25
s=-
c=IN IP4 9.125.98.25
t=0 0
m=audio 32478 RTP/SAVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtcp:32479
a=ssrc:453675094 cname:/KFRJ13qga3q04dc
a=ssrc:453675094 msid:- 1e052a9e-9a85-4446-aa73-625f7b28699b
a=tls-id:b36f438831863e35545329955bc263e1
a=ptime:20
a=crypto:1 AEAD_AES_256_GCM inline:g6dSrABn/h+cuhvUDD44LPl1tOs8mUHeUjdh3eiZZNp760JpUcloG7ISaWc=
a=crypto:2 AEAD_AES_128_GCM inline:OkzHvi4O9cpj7Fq13ytxOeJ5h+IODqxib+Cw2Q==
a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:cjpZrL/tcYK6xcOQRUKKGpGOk21Ms9zxsAthvvznr4TY9HCw78qB9vpitDwMvw==
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:O65EGiGbfxi9bD/rJirheMScIH9lGFDxsbiXgMVtBkLT/invZZDNMc10oEHEBg==
a=crypto:5 AES_192_CM_HMAC_SHA1_80 inline:rfW89KV14BCQ4x0kuiQQCvnAkX+j774oWHjvM0qCCU9gwY7mYos=
a=crypto:6 AES_192_CM_HMAC_SHA1_32 inline:bgdM2oqD2Diml1s9xnaxdk4ts2oWdMNhGhP1y3h8U02NVwAaGJU=
a=crypto:7 AES_CM_128_HMAC_SHA1_80 inline:VPlMKXQ0cqRqXhdwDjyiF/3KdsDtZiRRP74qUIk7
a=crypto:8 AES_CM_128_HMAC_SHA1_32 inline:CflHmW8jluqcngAQKFra8aYHzVejsDrA/EhuCgo6
a=crypto:9 F8_128_HMAC_SHA1_80 inline:A/jxmP8R1ZrAZHCu2j8HxIraVKlna+hzM5RN0mRN
a=crypto:10 F8_128_HMAC_SHA1_32 inline:r0A3bSnViuGs5yFAfu4j7mNTIkBrF64kAZR2qtoj
a=crypto:11 NULL_HMAC_SHA1_80 inline:QEN2GcUT4/IbhKpo/VPDjHqDDy8yQAySPUjN6In+
a=crypto:12 NULL_HMAC_SHA1_32 inline:IneqBD6g+alwNs8Zhba163hp/J9YSa1Zvv8uwlMe
a=setup:actpass
a=fingerprint:sha-256 41:EB:00:BE:3D:AB:CE:A9:F1:5F:97:B9:01:38:94:40:BF:66:9C:71:AA:1E:A9:7D:4E:42:96:6C:03:74:69:78

200OK SDP from FS reply is:

v=0
o=FreeSWITCH 1704281238 1704281240 IN IP4 192.40.20.13
s=FreeSWITCH
c=IN IP4 192.40.20.13
t=0 0
m=audio 12674 RTP/SAVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=silenceSupp:off - - - -
a=ptime:20
a=fingerprint:sha-256 FA:C3:A7:68:F9:BE:CD:42:8A:10:A3:37:43:24:BB:BF:49:68:90:79:A4:BC:44:DA:83:0B:40:3F:3A:8B:F9:D0
a=setup:passive
a=rtcp:12675 IN IP4 192.40.20.13

Is correct to use the channel variable webrtc_enable_dtls=false ?
or is better to fix the variable rtp_use_dtls=false to disable dtls in the 200OK?

Thanks,
António