[OpenSIPS-Users] UpenSIPS and sips
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Oct 16 13:43:06 CEST 2008
OK. thanks for the info
Bogdan-Andrei Iancu schrieb:
> Hi Klaus,
>
> During some testings today, I had a chat with Robert Sparks about sips
> scheme - what he is saying is that the "liberty" you mentioned in
> RFC3261 is bogus and there is a new RFC (queued) that fixes this and
> that makes mandatory the usage of a secured protocol through all the
> segments (with sips scheme).
>
> So, if the registrar gets a sips call and callee device is registered
> with UDP, the call must be rejected.
>
> Regards,
> Bogdan
>
> Klaus Darilion wrote:
>> HI!
>>
>> Just a note: RFC 3261 allows to use sips over an insecure protocol on
>> the last hop (e.g. if the proxy knows that the call is delivered only
>> local in the LAN thus encryption is not necessary).
>>
>> Thus, blocking sips over UDP in the SIP proxy automatically is to
>> inflexible. MAybe it can be implemented via an t_relay() flag to
>> indicate to drop branches with insecure protocol. (as the protocol may
>> be known only after the NAPTR lookup)
>>
>> regards
>> klaus
>>
>> Bogdan-Andrei Iancu schrieb:
>>> Hi Olle,
>>>
>>> Olle Frimanson wrote:
>>>>
>>>> Hi Bogdan, my setup is:
>>>>
>>>> Client A registers with normal UDP (non encrypted)
>>>> Client B registers with transport=tls
>>>>
>>>> Then I try to make a call from B to A with:
>>>>
>>>> sip:a at domain.com;transport=tls
>>>>
>>>> It works fine which is expected, but when I use
>>>>
>>>> sip:a at domain.com;transport=tls
>>>>
>>> But both URIs are the same ?! is it a typo here? :)
>>>
>>> Bogdan
>>>> It also works, but my understanding was that this call should fail.
>>>>
>>>> What are we doing wring in this case?
>>>>
>>>> BR/Olle
>>>>
>>>> -----Original Message-----
>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] Sent: den
>>>> 6 oktober 2008 12:38
>>>> To: Olle Frimanson
>>>> Cc: users at lists.opensips.org
>>>> Subject: Re: [OpenSIPS-Users] UpenSIPS and sips
>>>>
>>>> Hi Olle,
>>>>
>>>> Olle Frimanson wrote:
>>>>
>>>>> Hi I'm fairly new to OpenSIPS and have a question if OpenSIPS
>>>>> supports sips and in that case how it should be configured.
>>>>>
>>>> You do not have to do anything special - just send calls with SIPS
>>>> RURI.
>>>>
>>>>> Today we sucessfully use TLS transport but if we try to make a call
>>>>> from one client which is coonected through TLS to another conencted
>>>>> through UDP/TCP the call still goes through which it shouldn't.
>>>>>
>>>> Why it shouldn't ?
>>>>
>>>> Each device can choose what so ever protocol to connect to the
>>>> server. And the server is able to cross calls between the protocols.
>>>>
>>>> The only restriction is when using a SIPS uri - these kind of calls
>>>> must be
>>>> delivered (by all SIP entities on the way) in a secure manner (read
>>>> TLS).
>>>> So, have you tested with SIPS or SIP URI?
>>>>
>>>> Regards,
>>>> Bogdan
>>>>
>>>>
>>>>
>>>>>
>>>>> BR/Olle
>>>>>
>>>>>
>>>>>
>>>>>
>
More information about the Users
mailing list