Inaki, how can we deal with this scenario:
Client uses TLS to the proxy. Between proxy and gateway UDP is used.
In a deprecated way I would use:

    INVITE sip:12345@domain
    Route: sip:domain;transport=tls
    Contact: sip:1.2.3.4:5678;transport=tls

In the standardized way I think I have to use:

    INVITE sip:12345@domain
    Route: sips:domain;transport=tcp
    Contact: sips:1.2.3.4:5678;transport=tcp

Thus, the reINVITE would have an RURI with "sips". Wouldn't this imply that TLS must be used all the way and the reINVITE would fail, as the gateway only supports UDP?

regards
Klaus
On 06.07.2011 10:32, Iñaki Baz Castillo wrote:
2011/7/6 Klaus Darilion klaus.mailinglists@pernau.at:
If you do not change the RURI but add a Route header with "sips:" then it would influence only the next hop.
Mmmm, imagine this INVITE sent by a UA via TLS:
    INVITE sip:bob@domain.com
    Via: SIP/2.0/TLS
    Route: sips:myproxy
    Contact: sip:alice@1.2.3.4

In this case, the UA would send the INVITE via TCP but in-dialog requests from the remote would be delivered by the proxy to alice via UDP (the Contact header).

AFAIK RFC 5630 states that, in order to send a request via TLS (without requiring security in all the path), the UAC must use:

    INVITE sip:bob@domain.com
    Via: SIP/2.0/TLS
    Contact: sips:alice@1.2.3.4