2011/7/6 Klaus Darilion <klaus.mailinglists(a)pernau.at>:
Inaki, how can we deal with this scenario:
Client uses TLS to the proxy. Between proxy and gateway UDP is used.
In a deprecated way I would use:
INVITE sip:12345@domain
Route: sip:domain;transport=tls
Contact: sip:1.2.3.4:5678;transport=tls
In the standardized way I think I have to use:
INVITE sip:12345@domain
Route: sips:domain;transport=tcp
Contact: sips:1.2.3.4:5678;transport=tcp
The Route can be removed, the only important header would be:
Via: SIP/2.0/TLS...
Thus, reINVITE would have RURI with "sips". Wouldn't this imply that all
the way TLS must be used and reINVITE fail as the gateway only supports UDP?
No, because the re-INVITE will contain some Route headers, the first
one with sips schema (leg client<->proxy), which is removed by the
proxy (it's itself). The second one with sip schema (leg proxy<->gw),
which would also be removed (double Record-Route mechanism as there is
transport change).
More explained:
Initial INVITE Client -> Proxy (TLS)
-----------------------------------------
INVITE sip:12345@domain
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...
Initial INVITE Proxy -> GW (UDP)
-----------------------------------------
INVITE sip:12345@GW
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...
Record-Route: sip:PROXY;transport=udp
Record-Route: sips:PROXY;transport=tcp
200 from GW -> Proxy (UDP)
----------------------------------------
SIP/2.0 200 OK
Contact: sip:12345@GW;transport=udp
BYE from GW -> Proxy (UDP)
------------------------------------------
BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/UDP...
Route: sip:PROXY;transport=udp
Route: sips:PROXY;transport=tcp
The proxy removes both Route headers, so just the RURI remains. It
contains sips with ;transport=tcp, so uses TLS over TCP.
BYE from Proxy -> Client (TLS)
-----------------------------------------
BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/TLS...
or BYE from Client -> Proxy (TLS)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/TLS...
Route: sips:PROXY;transport=tcp
Route: sip:PROXY;transport=udp
Proxy removes both Route headers so inspects RURI which uses "udp":
BYE from Proxy -> GW (UDP)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/UDP...
So, there is no need at all for ;transport=tls, which in fact, does NOT exist.
Cheers.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
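
The route stripping and transport choice walked through in the message above, as an added example that is not part of the original post. Assumptions: the proxy recognises its own Route entries by the host name PROXY, a URI without a transport parameter defaults to UDP for sip and TCP for sips, and only sips over TCP is handled.

```python
import re

PROXY = "PROXY"  # host name the proxy uses in its Record-Route entries in the thread


def parse_uri(uri):
    """Split 'sips:user@host:port;transport=tcp' into (scheme, host, params)."""
    m = re.match(r"^(sips?):(?:[^@;]+@)?([^;:]+)(?::\d+)?((?:;[^;]+)*)$",
                 uri.strip("<> "))
    if not m:
        raise ValueError(f"not a SIP/SIPS URI: {uri!r}")
    params = dict(p.split("=", 1) if "=" in p else (p, "")
                  for p in m.group(3).split(";") if p)
    return m.group(1), m.group(2), {k.lower(): v.lower() for k, v in params.items()}


def wire_transport(uri):
    """Return the transport to use on the wire for a next-hop URI."""
    scheme, _, params = parse_uri(uri)
    # Assumed defaults when no ;transport= is present.
    transport = params.get("transport", "tcp" if scheme == "sips" else "udp")
    if transport == "tls":
        # The thread's point: express TLS as sips + ;transport=tcp instead.
        raise ValueError("transport=tls rejected; use sips with ;transport=tcp")
    if scheme == "sips":
        if transport != "tcp":
            raise ValueError("this sketch only handles sips over TCP")
        return "TLS"
    return transport.upper()


def next_hop(ruri, routes, me=PROXY):
    """Drop leading Route entries naming this proxy (both halves of the
    double Record-Route), then pick the target URI and its transport."""
    remaining = list(routes)
    while remaining and parse_uri(remaining[0])[1] == me:
        remaining.pop(0)
    target = remaining[0] if remaining else ruri
    return target, wire_transport(target)


if __name__ == "__main__":
    # The two BYE requests from the thread, as received by the proxy.
    print(next_hop("sips:1.2.3.4:5678;transport=tcp",
                   ["sip:PROXY;transport=udp", "sips:PROXY;transport=tcp"]))
    print(next_hop("sip:12345@GW;transport=udp",
                   ["sips:PROXY;transport=tcp", "sip:PROXY;transport=udp"]))
```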