[OpenSIPS-Users] UpenSIPS and sips

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed Oct 15 11:59:58 CEST 2008


Hi Klaus,

During some testing today, I had a chat with Robert Sparks about the sips 
scheme - what he is saying is that the "liberty" you mentioned in 
RFC3261 is bogus and there is a new RFC (queued) that fixes this and 
that makes mandatory the usage of a secured protocol through all the 
segments (with sips scheme).

So, if the registrar gets a sips call and the callee device is registered 
with UDP, the call must be rejected.

Regards,
Bogdan

Klaus Darilion wrote:
> Hi!
>
> Just a note: RFC 3261 allows using sips over an insecure protocol on 
> the last hop (e.g. if the proxy knows that the call is delivered only 
> locally in the LAN, thus encryption is not necessary).
>
> Thus, blocking sips over UDP in the SIP proxy automatically is too 
> inflexible. Maybe it can be implemented via a t_relay() flag to 
> indicate to drop branches with insecure protocol (as the protocol may 
> be known only after the NAPTR lookup).
>
> regards
> klaus
>
> Bogdan-Andrei Iancu wrote:
>> Hi Olle,
>>
>> Olle Frimanson wrote:
>>>  
>>> Hi Bogdan, my setup is:
>>>
>>> Client A registers with normal UDP (non encrypted)
>>> Client B registers with transport=tls
>>>
>>> Then I try to make a call from B to A with:
>>>
>>> sip:a at domain.com;transport=tls
>>>
>>> It works fine which is expected, but when I use
>>>
>>> sip:a at domain.com;transport=tls
>>>   
>> But both URIs are the same?! Is it a typo here? :)
>>
>> Bogdan
>>> It also works, but my understanding was that this call should fail.
>>>
>>> What are we doing wrong in this case?
>>>
>>> BR/Olle
>>>
>>> -----Original Message-----
>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>>> Sent: 6 October 2008 12:38
>>> To: Olle Frimanson
>>> Cc: users at lists.opensips.org
>>> Subject: Re: [OpenSIPS-Users] UpenSIPS and sips
>>>
>>> Hi Olle,
>>>
>>> Olle Frimanson wrote:
>>>  
>>>> Hi I'm fairly new to OpenSIPS and have a question if OpenSIPS 
>>>> supports sips and in that case how it should be configured.
>>>>     
>>> You do not have to do anything special - just send calls with SIPS 
>>> RURI.
>>>  
>>>> Today we successfully use TLS transport but if we try to make a call 
>>>> from one client which is connected through TLS to another connected 
>>>> through UDP/TCP the call still goes through which it shouldn't.
>>>>     
>>> Why shouldn't it?
>>>
>>> Each device can choose whatever protocol to connect to the 
>>> server. And the server is able to cross calls between the protocols.
>>>
>>> The only restriction is when using a SIPS URI - these kinds of calls 
>>> must be delivered (by all SIP entities on the way) in a secure manner 
>>> (read TLS).
>>> So, have you tested with SIPS or SIP URI?
>>>
>>> Regards,
>>> Bogdan
>>>
>>>
>>>  
>>>>  
>>>> BR/Olle
>>>>  
>>>>
>>>>  
>>>>
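
The branch policy discussed in this thread, as an added example that is not part of the original messages and is not OpenSIPS code. All function names, the `allow_insecure_last_hop` switch (modelling the t_relay() flag idea) and the sample contacts are assumptions; the contact transport is read from the URI only, with no NAPTR lookup.

```python
# Added illustration: decide which registered contacts may receive a request
# when the Request-URI uses the sips scheme. Not OpenSIPS code.

SECURE_TRANSPORTS = {"tls"}  # assumption: only TLS counts as a secured hop


def parse_uri(uri):
    """Return (scheme, transport parameter or None) for a sip:/sips: URI."""
    scheme, sep, rest = uri.strip().partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError(f"not a SIP URI: {uri!r}")
    rest = rest.split("?", 1)[0]          # drop URI headers
    hostpart = rest.rpartition("@")[2]    # the user part may contain ';'
    transport = None
    for param in hostpart.split(";")[1:]:
        name, _, value = param.partition("=")
        if name.lower() == "transport":
            transport = value.lower()
    return scheme, transport


def hop_transport(contact_uri):
    """Transport used to reach a contact (simplified: no NAPTR lookup)."""
    scheme, transport = parse_uri(contact_uri)
    if scheme == "sips":
        return "tls"
    return transport or "udp"


def route(request_uri, contacts, allow_insecure_last_hop=False):
    """Return ("relay", kept) or ("reject", dropped) for one request.

    allow_insecure_last_hop=True models the last-hop exception read into
    RFC 3261; False models the strict rule that every segment is secured.
    """
    scheme, _ = parse_uri(request_uri)
    if scheme != "sips" or allow_insecure_last_hop:
        return "relay", list(contacts)
    kept = [c for c in contacts if hop_transport(c) in SECURE_TRANSPORTS]
    dropped = [c for c in contacts if c not in kept]
    return ("relay", kept) if kept else ("reject", dropped)


# Constructed sample registrations (documentation addresses).
UDP_CONTACT = "sip:a@192.0.2.10:5060"
TLS_CONTACT = "sip:b@192.0.2.20:5061;transport=tls"
```

A `sip:` Request-URI with `;transport=tls` is still relayed to the UDP contact, because the parameter selects the next-hop transport and places no requirement on later segments; only the `sips` scheme triggers the filter.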



