<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><br>
</p>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
We use Opensips (with TLS) as a dispatcher to multiple Asterisk servers. Currently we are in the process of upgrading from 1.7.1 to 1.11.5, and we ran into a discrepancy between 1.7.1 and 1.11.5 regarding SIP NOTIFY messages.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
Here is the flow (both ways):</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
UAC (TLS) -> Opensips (UDP)-> Asterisk </div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<span style="font-size: 12pt;">Asterisk </span><span style="font-size: 12pt;"> (UDP)</span><span style="font-size: 12pt;"> -> Opensips (</span><span style="font-size: 12pt;">TLS</span><span style="font-size: 12pt;">)-> UAC</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<span style="font-size: 12pt;"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
In 1.7.1, all messages between Opensips and UAC were encrypted - didn't matter if it was originated at UAC or Asterisk.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
In 1.11.5, the SIP NOTIFY messages coming from Asterisk are sent to UAC unencrypted (and not accepted by UAC). Here is the request that Opensips receives and sends to the UAC in plaintext:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; margin-top: 0px; margin-bottom: 0px;">
<br>
</div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif">Request-Line: NOTIFY sip:101@1.2.3.4:5075;transport=tls;nat=yes SIP/2.0</font><br>
</div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif">Anything we can do to have that leg encrypted as well?</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font face="Calibri, Arial, Helvetica, sans-serif">Matt</font></div>
<div><font face="Calibri, Arial, Helvetica, sans-serif"><br>
</font></div>
</div>
</body>
</html>