Wednesday, December 15, 2021

RTSP RFC7616

RFC 7616 describes sending two WWW-Authenticate header fields in the RTSP response for RTSP digest authentication.


The general RTSP standard, RFC 2326, describes a single authentication header that uses the MD5 digest. MD5 digest authentication is very simple, and its hash value leaks very easily. This is a very important security issue for RTSP.


So RFC 7616 suggests the SHA-256 digest algorithm for the WWW-Authenticate header of the RTSP response. SHA-256 has a larger hash value and a more complex algorithm than MD5. For MD5-only clients, RFC 7616 supports sending duplicate WWW-Authenticate headers, one with MD5 and one with SHA-256, as shown below:


RTSP/1.0 401 Unauthorized
CSeq: 2
Date: Wed Dec 15 18:56:44 2021 GMT
WWW-Authenticate: Digest realm="Live555 Realm", nonce="2E9CA0C331F74EC1207A5504C5024CED", opaque="204A78D63C1E1673417D497D8CCB67B5", algorithm="MD5", qop="auth"
WWW-Authenticate: Digest realm="Live555 Realm", nonce="2E9CA0C331F74EC1207A5504C5024CED", opaque="204A78D63C1E1673417D497D8CCB67B5", algorithm="SHA-256", qop="auth"
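How a client can handle the two challenges above, as an added example that is not part of the original post or of live555: it parses both WWW-Authenticate values, picks SHA-256 over MD5 even though MD5 is listed first, and computes the qop=auth response with the selected hash. The function names and the preference policy are assumptions of this example.

```python
import hashlib
import re

# Client policy (an assumption of this example): strongest supported algorithm first.
PREFERENCE = {"SHA-256": "sha256", "MD5": "md5"}

# The two challenges from the 401 response above, in the order the server sent them.
CHALLENGES = [
    'Digest realm="Live555 Realm", nonce="2E9CA0C331F74EC1207A5504C5024CED", '
    'opaque="204A78D63C1E1673417D497D8CCB67B5", algorithm="MD5", qop="auth"',
    'Digest realm="Live555 Realm", nonce="2E9CA0C331F74EC1207A5504C5024CED", '
    'opaque="204A78D63C1E1673417D497D8CCB67B5", algorithm="SHA-256", qop="auth"',
]


def parse_challenge(value):
    """Split one WWW-Authenticate value into a dict of its Digest parameters."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or token for key, quoted, token in pairs}


def select_challenge(header_values):
    """Return the offered challenge with the strongest algorithm this client supports."""
    offered = {}
    for value in header_values:
        challenge = parse_challenge(value)
        # A challenge without an algorithm parameter means MD5.
        offered.setdefault(challenge.get("algorithm", "MD5").upper(), challenge)
    for name in PREFERENCE:
        if name in offered:
            return offered[name]
    raise ValueError("server offered no supported digest algorithm")


def digest_response(challenge, username, password, method, uri, cnonce, nc="00000001"):
    """Compute the response value for qop=auth with the challenge's hash algorithm."""
    hash_name = PREFERENCE[challenge.get("algorithm", "MD5").upper()]

    def h(text):
        return hashlib.new(hash_name, text.encode()).hexdigest()

    ha1 = h(f"{username}:{challenge['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{challenge['nonce']}:{nc}:{cnonce}:auth:{ha2}")
```

A client that simply answers the first WWW-Authenticate header it sees would authenticate with MD5 against this response, which is why the selection step is separate from the parsing step.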


So, I modified the live555 library for this RFC 7616 standard. You can test it at this URL on GitHub.


https://github.com/melchi45/live555/tree/feature/RFC7616