[OpenSIPS-Users] Opensips TLS

Bogdan-Andrei Iancu bogdan at opensips.org
Mon Aug 24 11:33:03 CEST 2015


Hi Matt,

Yes, you can do that. OpenSIPS can do protocol exchange so it can switch 
from TLS to UDP. I would recommand to use 1.11 as 1.7 is outdates and 
not maintain.

And yes, the TLS module had a lot of fixes in the last years, not to 
mentioned the TCP stack (TLS relies on it!).


Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 22.08.2015 02:34, Matt Hamilton wrote:
>
>
> We are using Opensips as a dispatcher to Asterisk servers. The call 
> flow for incoming calls to UAC is below (outbound is reversed).
>
>
> telco -> opensips1 -> asterisk -> opensips1 -> UAC (SIP phones)
>
>
> We are at the planning stages of implementing TLS. Asterisk (1.8.x), 
> Opensips (1.7.1 TLS) and the phones are TLS-capable. Is it possible to 
> have TLS just between Opensips and the phones, and not touch the 
> traffic between Asterisk and Opensips? If TLS on Asterisk is not 
> enabled, will traffic flow between Opensips and Asterisk 
> (unencrypted)? Both Opensips server and Asterisk servers are at the 
> same location, so it's not really necessary to secure that leg.
>
>
> Also, do you recommend upgrading Opensips to 2.1 first and then 
> enabling TLS? I know our version (1.7.1) is pretty old, but it's been 
> very stable for us without TLS. I'm wondering if the TLS module has 
> improved (performance, etc.) since then? (We will do the upgrade this 
> year - just trying to time it).
>
>
> Thanks,
> Matt
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150824/c2a9e509/attachment.htm>


More information about the Users mailing list