[OpenSIPS-Users] UpenSIPS and sips

Klaus Darilion klaus.mailinglists at pernau.at
Mon Oct 6 14:38:41 CEST 2008


HI!

Just a note: RFC 3261 allows to use sips over an insecure protocol on 
the last hop (e.g. if the proxy knows that the call is delivered only 
local in the LAN thus encryption is not necessary).

Thus, blocking sips over UDP in the SIP proxy automatically is to 
inflexible. MAybe it can be implemented via an t_relay() flag to 
indicate to drop branches with insecure protocol. (as the protocol may 
be known only after the NAPTR lookup)

regards
klaus

Bogdan-Andrei Iancu schrieb:
> Hi Olle,
> 
> Olle Frimanson wrote:
>>  
>> Hi Bogdan, my setup is:
>>
>> Client A registers with normal UDP (non encrypted)
>> Client B registers with transport=tls
>>
>> Then I try to make a call from B to A with:
>>
>> sip:a at domain.com;transport=tls
>>
>> It works fine which is expected, but when I use
>>
>> sip:a at domain.com;transport=tls
>>   
> But both URIs are the same ?! is it a typo here? :)
> 
> Bogdan
>> It also works, but my understanding was that this call should fail.
>>
>> What are we doing wring in this case?
>>
>> BR/Olle
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
>> Sent: den 6 oktober 2008 12:38
>> To: Olle Frimanson
>> Cc: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] UpenSIPS and sips
>>
>> Hi Olle,
>>
>> Olle Frimanson wrote:
>>   
>>> Hi I'm fairly new to OpenSIPS and have a question if OpenSIPS supports 
>>> sips and in that case how it should be configured.
>>>     
>> You do not have to do anything special - just send calls with SIPS RURI.
>>   
>>> Today we sucessfully use TLS transport but if we try to make a call 
>>> from one client which is coonected through TLS to another conencted 
>>> through UDP/TCP the call still goes through which it shouldn't.
>>>     
>> Why it shouldn't ?
>>
>> Each device can choose what so ever protocol to connect to the server. 
>> And the server is able to cross calls between the protocols.
>>
>> The only restriction is when using a SIPS uri - these kind of calls must be
>> delivered (by all SIP entities on the way) in a secure manner (read TLS).
>> So, have you tested with SIPS or SIP URI?
>>
>> Regards,
>> Bogdan
>>
>>
>>   
>>>  
>>> BR/Olle
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>> ----------------------------------------------------------------------
>>> --
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>   
>>>     
>>
>>
>>   
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



More information about the Users mailing list