Jitsi 2.11.5558 on Windows 10.
When a call that is secured using SIPS/SRTP, and that call is transferred (or any other SDP negotiation event happens), then the Jitsi issues a new key which is not applied correctly, and the call fails. Here are simple steps to reproduce the problem.
207 is the starting point. That is Jitsi, and SRTP.
207 calls 202.
202 is a Grandstream 2160, not encrypted.
This leg of the call works.
202 transfers the call to 225.
225 is a Snom M3, not encrypted.
The call is lost at this point. The following errors are in the asterisk log.
== SRTCP unprotect failed on SSRC 775162036 because of authentication failure
== SRTP unprotect failed on SSRC 775162036 because of authentication failure 160
Initially we thought this was a bug in Asterisk. I created an issue there: https://issues.asterisk.org/jira/browse/ASTERISK-27397
But after more testing we isolated the problem to Jitsi. If I replace Jitsi with another device, everything works normally.