[OpenSIPS-Users] Opensips TLS
Bogdan-Andrei Iancu
bogdan at opensips.org
Mon Aug 24 11:33:03 CEST 2015
Hi Matt,
Yes, you can do that. OpenSIPS can do protocol exchange so it can switch
from TLS to UDP. I would recommand to use 1.11 as 1.7 is outdates and
not maintain.
And yes, the TLS module had a lot of fixes in the last years, not to
mentioned the TCP stack (TLS relies on it!).
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 22.08.2015 02:34, Matt Hamilton wrote:
>
>
> We are using Opensips as a dispatcher to Asterisk servers. The call
> flow for incoming calls to UAC is below (outbound is reversed).
>
>
> telco -> opensips1 -> asterisk -> opensips1 -> UAC (SIP phones)
>
>
> We are at the planning stages of implementing TLS. Asterisk (1.8.x),
> Opensips (1.7.1 TLS) and the phones are TLS-capable. Is it possible to
> have TLS just between Opensips and the phones, and not touch the
> traffic between Asterisk and Opensips? If TLS on Asterisk is not
> enabled, will traffic flow between Opensips and Asterisk
> (unencrypted)? Both Opensips server and Asterisk servers are at the
> same location, so it's not really necessary to secure that leg.
>
>
> Also, do you recommend upgrading Opensips to 2.1 first and then
> enabling TLS? I know our version (1.7.1) is pretty old, but it's been
> very stable for us without TLS. I'm wondering if the TLS module has
> improved (performance, etc.) since then? (We will do the upgrade this
> year - just trying to time it).
>
>
> Thanks,
> Matt
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150824/c2a9e509/attachment.htm>
More information about the Users
mailing list