[OpenSIPS-Users] UpenSIPS and sips

Klaus Darilion klaus.mailinglists at pernau.at
Thu Oct 16 13:43:06 CEST 2008 

OK. thanks for the info

Bogdan-Andrei Iancu schrieb:
> Hi Klaus,
> 
> During some testings today, I had a chat with Robert Sparks about sips 
> scheme - what he is saying is that the "liberty" you mentioned in 
> RFC3261 is bogus and there is a new RFC (queued) that fixes this and 
> that makes mandatory the usage of a secured protocol through all the 
> segments (with sips scheme).
> 
> So, if the registrar gets a sips call and callee device is registered 
> with UDP, the call must be rejected.
> 
> Regards,
> Bogdan
> 
> Klaus Darilion wrote:
>> HI!
>>
>> Just a note: RFC 3261 allows to use sips over an insecure protocol on 
>> the last hop (e.g. if the proxy knows that the call is delivered only 
>> local in the LAN thus encryption is not necessary).
>>
>> Thus, blocking sips over UDP in the SIP proxy automatically is to 
>> inflexible. MAybe it can be implemented via an t_relay() flag to 
>> indicate to drop branches with insecure protocol. (as the protocol may 
>> be known only after the NAPTR lookup)
>>
>> regards
>> klaus
>>
>> Bogdan-Andrei Iancu schrieb:
>>> Hi Olle,
>>>
>>> Olle Frimanson wrote:
>>>>  
>>>> Hi Bogdan, my setup is:
>>>>
>>>> Client A registers with normal UDP (non encrypted)
>>>> Client B registers with transport=tls
>>>>
>>>> Then I try to make a call from B to A with:
>>>>
>>>> sip:a at domain.com;transport=tls
>>>>
>>>> It works fine which is expected, but when I use
>>>>
>>>> sip:a at domain.com;transport=tls
>>>>   
>>> But both URIs are the same ?! is it a typo here? :)
>>>
>>> Bogdan
>>>> It also works, but my understanding was that this call should fail.
>>>>
>>>> What are we doing wring in this case?
>>>>
>>>> BR/Olle
>>>>
>>>> -----Original Message-----
>>>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] Sent: den 
>>>> 6 oktober 2008 12:38
>>>> To: Olle Frimanson
>>>> Cc: users at lists.opensips.org
>>>> Subject: Re: [OpenSIPS-Users] UpenSIPS and sips
>>>>
>>>> Hi Olle,
>>>>
>>>> Olle Frimanson wrote:
>>>>  
>>>>> Hi I'm fairly new to OpenSIPS and have a question if OpenSIPS 
>>>>> supports sips and in that case how it should be configured.
>>>>>     
>>>> You do not have to do anything special - just send calls with SIPS 
>>>> RURI.
>>>>  
>>>>> Today we sucessfully use TLS transport but if we try to make a call 
>>>>> from one client which is coonected through TLS to another conencted 
>>>>> through UDP/TCP the call still goes through which it shouldn't.
>>>>>     
>>>> Why it shouldn't ?
>>>>
>>>> Each device can choose what so ever protocol to connect to the 
>>>> server. And the server is able to cross calls between the protocols.
>>>>
>>>> The only restriction is when using a SIPS uri - these kind of calls 
>>>> must be
>>>> delivered (by all SIP entities on the way) in a secure manner (read 
>>>> TLS).
>>>> So, have you tested with SIPS or SIP URI?
>>>>
>>>> Regards,
>>>> Bogdan
>>>>
>>>>
>>>>  
>>>>>  
>>>>> BR/Olle
>>>>>  
>>>>>
>>>>>  
>>>>>
>

More information about the Users mailing list