<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Hi Matt,<br>
<br>
Yes, you can do that. OpenSIPS can do protocol exchange so it can
switch from TLS to UDP. I would recommand to use 1.11 as 1.7 is
outdates and not maintain.<br>
<br>
And yes, the TLS module had a lot of fixes in the last years, not
to mentioned the TCP stack (TLS relies on it!).<br>
<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 22.08.2015 02:34, Matt Hamilton
wrote:<br>
</div>
<blockquote
cite="mid:DM3PR1201MB111832AC0ABB45780530C9CEB3650@DM3PR1201MB1118.namprd12.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><br>
</p>
<p>We are using Opensips as a dispatcher to Asterisk servers.
The call flow for incoming calls to UAC is below (outbound is
reversed).</p>
<p><br>
</p>
<p>telco -> opensips1 -> asterisk -> opensips1 ->
UAC (SIP phones)</p>
<p><br>
</p>
<p>We are at the planning stages of implementing TLS. Asterisk
(1.8.x), Opensips (1.7.1 TLS) and the phones are TLS-capable.
Is it possible to have TLS just between Opensips and the
phones, and not touch the traffic between Asterisk and
Opensips? If TLS on Asterisk is not enabled, will traffic flow
between Opensips and Asterisk (unencrypted)? Both Opensips
server and Asterisk servers are at the same location, so it's
not really necessary to secure that leg.</p>
<p><br>
</p>
<p>Also, do you recommend upgrading Opensips to 2.1 first and
then enabling TLS? I know our version (1.7.1) is pretty old,
but it's been very stable for us without TLS. I'm wondering if
the TLS module has improved (performance, etc.) since then?
(We will do the upgrade this year - just trying to time it).</p>
<br>
Thanks,<br>
Matt<br>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>