diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index 483a63a73ee3f7f1e1f7fc7ec0325efce7fd38b0..b63316e7723f7ee7c6a15ef8e95734797217311f 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -821,7 +821,7 @@ struct ast_sip_endpoint_media_configuration {
 /*! \brief List entry structure for list of security mechanisms */
 struct security_mechanism {
 	AST_LIST_ENTRY(security_mechanism) entry;
-	pj_str_t value[1];
+	char value[1];
 };
 
 /*!
diff --git a/res/res_pjsip/pjsip_options.c b/res/res_pjsip/pjsip_options.c
index 4854ff3c7856cf5a1cd70e408a7b8fc77c51f078..34167aef54ddbb594b39ce524bba64e1e43f18f5 100644
--- a/res/res_pjsip/pjsip_options.c
+++ b/res/res_pjsip/pjsip_options.c
@@ -926,9 +926,8 @@ static int sip_options_qualify_contact(void *obj, void *arg, int flags)
 		if(!AST_LIST_EMPTY(&endpoint->security_mechanisms)) {
 			struct security_mechanism *sec_mechanism;
 			AST_LIST_TRAVERSE(&endpoint->security_mechanisms, sec_mechanism, entry) {
-				char secVerify[pj_strlen(&sec_mechanism->value) + 1];
-				ast_copy_pj_str(secVerify, &sec_mechanism->value, sizeof(secVerify));
-				ast_sip_add_header(tdata,"Security-Verify",secVerify);
+				ast_debug(3, "Adding security header: %s\n", sec_mechanism->value);
+				ast_sip_add_header(tdata,"Security-Verify",sec_mechanism->value);
 			}
 		}
 	}
diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c
index 5fadd4f7f11e323d50f59a2ce86351fc3044bd00..ee239068691801a3cff13d15725148d627184062 100644
--- a/res/res_pjsip_outbound_registration.c
+++ b/res/res_pjsip_outbound_registration.c
@@ -713,20 +713,26 @@ static int handle_client_registration(void *data)
 			/* answer for 494 */
 			struct ast_sip_endpoint *endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint",
 						client_state->registration_name);
-			struct security_mechanism *sec_mechanism;
 			if (!endpoint) {
 				ast_log(LOG_ERROR, "No endpoint found to add mediasec headers\n");
 				return -1;
 			}
+
+			ast_debug(1, "Adding default security headers\n");
+			ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec");
+			ast_sip_add_header(tdata,"Proxy-Require","mediasec");
+			ast_sip_add_header(tdata,"Require","mediasec");
+
 			if(!AST_LIST_EMPTY(&endpoint->security_mechanisms)) {
+				struct security_mechanism *sec_mechanism;
 				AST_LIST_TRAVERSE(&endpoint->security_mechanisms, sec_mechanism, entry) {
-					char secVerify[pj_strlen(&sec_mechanism->value) + 1];
-					ast_copy_pj_str(secVerify, &sec_mechanism->value, sizeof(secVerify));
-					ast_sip_add_header(tdata,"Security-Verify",secVerify);
+					ast_debug(1, "Adding security header: %s\n", sec_mechanism->value);
+					ast_sip_add_header(tdata,"Security-Verify",sec_mechanism->value);
 				}
 			}
 		}
 		else {
+			ast_debug(1, "Adding default security headers\n");
 			ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec");
 			ast_sip_add_header(tdata,"Proxy-Require","mediasec");
 			ast_sip_add_header(tdata,"Require","mediasec");
@@ -1154,25 +1160,26 @@ static int handle_registration_response(void *data)
 					ast_log(LOG_ERROR, "No endpoint found to store/add mediasec headers\n");
 					return -1;
 				}
-				secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, NULL);
-				while (secSrv) {
-					response->client_state->is494=0;
-					if(AST_LIST_EMPTY(&endpoint->security_mechanisms)) {
-						struct security_mechanism *sec_mechanism;
+				if(AST_LIST_EMPTY(&endpoint->security_mechanisms)) {
+					secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, NULL);
+					struct security_mechanism *sec_mechanism;
+					while (secSrv) {
+						response->client_state->is494=0;
 						char local_info[pj_strlen(&secSrv->hvalue) + 1];
+
 						sec_mechanism = ast_calloc(1, sizeof(*sec_mechanism) + pj_strlen(&secSrv->hvalue));
 						if (!sec_mechanism) {
 							ast_log(LOG_ERROR, "Unable to store server security mechanisms\n");
 							clear_endpoint_security_mechanisms(endpoint);
 							return;
 						}
-						pj_strdup_with_null(tdata->pool, &sec_mechanism->value, &secSrv->hvalue);
-						response->client_state->is494=0;
+						pj_strdup_with_null(tdata->pool, &local_info, &secSrv->hvalue);
+						ast_copy_pj_str(&sec_mechanism->value, local_info, sizeof(local_info));
 						AST_LIST_INSERT_TAIL(&endpoint->security_mechanisms, sec_mechanism, entry);
-						ast_copy_pj_str(local_info, &sec_mechanism->value, sizeof(local_info));
-						ast_sip_add_header(tdata,"Security-Verify",local_info);
+						ast_debug(1, "Store & Add \"Security-Verify\" header: %s\n", sec_mechanism->value);
+						ast_sip_add_header(tdata,"Security-Verify",sec_mechanism->value);
+						secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, secSrv->next);
 					}
-					secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, secSrv->next);
 				}
 			}
 
@@ -1974,9 +1981,12 @@ static int unregister_task(void *obj)
 	if (pjsip_regc_unregister(client, &tdata) == PJ_SUCCESS
 		&& add_configured_supported_headers(state->client_state, tdata)) {
 		if (state->client_state->mediasec) {
+			struct ast_sip_endpoint *endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint",
+							state->client_state->registration_name);
 			ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec");
 			ast_sip_add_header(tdata,"Proxy-Require","mediasec");
 			ast_sip_add_header(tdata,"Require","mediasec");
+			clear_endpoint_security_mechanisms(endpoint);
 		}
 		registration_client_send(state->client_state, tdata);
 	}
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 118b30b4b87ec9a3f99b64e9665e32c725180bcf..0365e4110a78f41df58a791c1fa18b13391cf25b 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -2522,9 +2522,8 @@ static int sip_session_refresh(struct ast_sip_session *session,
 		if(!AST_LIST_EMPTY(&session->endpoint->security_mechanisms)) {
 			struct security_mechanism *sec_mechanism;
 			AST_LIST_TRAVERSE(&session->endpoint->security_mechanisms, sec_mechanism, entry) {
-				char secVerify[pj_strlen(&sec_mechanism->value) + 1];
-				ast_copy_pj_str(secVerify, &sec_mechanism->value, sizeof(secVerify));
-				ast_sip_add_header(tdata,"Security-Verify",secVerify);
+				ast_debug(3, "Adding security header: %s\n", sec_mechanism->value);
+				ast_sip_add_header(tdata,"Security-Verify",sec_mechanism->value);
 			}
 		}
 	}
@@ -2896,9 +2895,8 @@ int ast_sip_session_create_invite(struct ast_sip_session *session, pjsip_tx_data
 		if(!AST_LIST_EMPTY(&session->endpoint->security_mechanisms)) {
 			struct security_mechanism *sec_mechanism;
 			AST_LIST_TRAVERSE(&session->endpoint->security_mechanisms, sec_mechanism, entry) {
-				char secVerify[pj_strlen(&sec_mechanism->value) + 1];
-				ast_copy_pj_str(secVerify, &sec_mechanism->value, sizeof(secVerify));
-				ast_sip_add_header(*tdata,"Security-Verify",secVerify);
+				ast_debug(3, "Adding security header: %s\n", sec_mechanism->value);
+				ast_sip_add_header(*tdata,"Security-Verify",sec_mechanism->value);
 			}
 		}
 	}