Hi Henning, thanks for your answer
From whant I understand, nonce shouldn't be used twice at all, so if
www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any other authenticated package should be rejected. But the usual examples of kamailio.cfg show that the message is rejected only if www_authenticate reply is < 0. So how exactly is the safe way to use it?
2009/4/8 Henning Westerholt henning.westerholt@1und1.de:
On Wednesday 08 April 2009, catalina oancea wrote:
Does anybody know in which situation the NONCE_REUSED return code for www_authenticate would appear? I understand the usage of the STALE_NONCE code, this is when the nonce expires and the servers sends a new nonce to the phone. But why is the NONCE_REUSED used and why does it occur sometimes? Should I reject or accept the registration when this code appears?
NONCE_REUSED /* Returned if nonce is used more than once */
Hi Catalina,
this is related to a security enhancement that was added about half a year or so. Take a look at the announcement of this functionality for more informations: http://lists.kamailio.org/pipermail/users/2008-June/017696.html
Cheers,
Henning