2011/7/6 Klaus Darilion klaus.mailinglists@pernau.at:
Inaki, how can we deal with this scenario:
Client uses TLS to the proxy. Between proxy and gateway UDP is used.
In a deprecated way I would use:

INVITE sip:12345@domain
Route: sip:domain;transport=tls
Contact: sip:1.2.3.4:5678;transport=tls

In the standardized way I think I have to use:

INVITE sip:12345@domain
Route: sips:domain;transport=tcp
Contact: sips:1.2.3.4:5678;transport=tcp
The Route can be removed, the only important header would be:
Via: SIP/2.0/TLS...
Thus, reINVITE would have RURI with "sips". Wouldn't this imply that all the way TLS must be used and reINVITE fail as the gateway only supports UDP?
No, because the re-INVITE will contain some Route headers, the first one with sips schema (leg client<->proxy), which is removed by the proxy (it's itself). The second one with sip schema (leg proxy<->gw), which would also be removed (double Record-Route mechanism as there is transport change).
More explained:
Initial INVITE Client -> Proxy (TLS)
-----------------------------------------
INVITE sip:12345@domain
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...

Initial INVITE Proxy -> GW (UDP)
-----------------------------------------
INVITE sip:12345@GW
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...
Record-Route: sip:PROXY;transport=udp
Record-Route: sips:PROXY;transport=tcp

200 from GW -> Proxy (UDP)
----------------------------------------
SIP/2.0 200 OK
Contact: sip:12345@GW;transport=udp

BYE from GW -> Proxy (UDP)
------------------------------------------
BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/UDP...
Route: sip:PROXY;transport=udp
Route: sips:PROXY;transport=tcp
The proxy removes both Route headers, so just the RURI remains. It contains sips with ;transport=tcp, so uses TLS over TCP.
BYE from Proxy -> Client (TLS)
-----------------------------------------
BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/TLS...

or

BYE from Client -> Proxy (TLS)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/TLS...
Route: sips:PROXY;transport=tcp
Route: sip:PROXY;transport=udp
Proxy removes both Route headers so inspects RURI which uses "udp":
BYE from Proxy -> GW (UDP)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/UDP...
So, there is no need at all for ;transport=tls, which in fact, does NOT exist.
Cheers.
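
Added example, not part of the original e-mail or of any proxy's code: a small Python model of the in-dialog routing decision walked through above, where the proxy strips both of its own Route entries and takes the outgoing transport from what remains. The function names, the host-only match against "PROXY", and the UDP default for a sip URI without ;transport= are simplifying assumptions.

```python
# Model of a double Record-Routing proxy choosing the outgoing transport for an
# in-dialog request. PROXY, GW and 1.2.3.4:5678 are the thread's placeholders.

def parse_uri(uri):
    """Split 'sips:host:port;transport=tcp' into (scheme, hostport, params)."""
    scheme, rest = uri.strip().strip("<>").split(":", 1)
    hostport, *raw = rest.split(";")
    params = dict(p.split("=", 1) if "=" in p else (p, "") for p in raw)
    return scheme.lower(), hostport.lower(), {k.lower(): v.lower() for k, v in params.items()}

def transport_for(uri):
    """sips always means TLS on this hop; for sip use ;transport=, else UDP
    (assumption: no DNS-based transport selection is modelled)."""
    scheme, _, params = parse_uri(uri)
    if scheme == "sips":
        return "TLS"
    return params.get("transport", "udp").upper()

def route_in_dialog(ruri, routes, proxy_host="proxy"):
    """Remove every top Route naming this proxy (two of them after a transport
    change), then route on the first remaining Route, or on the Request-URI."""
    remaining = list(routes)
    while remaining and parse_uri(remaining[0])[1] == proxy_host:
        remaining.pop(0)
    target = remaining[0] if remaining else ruri
    return transport_for(target), target, remaining

if __name__ == "__main__":
    # Constructed from the BYE messages shown in the thread.
    cases = {
        "BYE from GW (arrives over UDP)": (
            "sips:1.2.3.4:5678;transport=tcp",
            ["sip:PROXY;transport=udp", "sips:PROXY;transport=tcp"]),
        "BYE from client (arrives over TLS)": (
            "sip:12345@GW;transport=udp",
            ["sips:PROXY;transport=tcp", "sip:PROXY;transport=udp"]),
    }
    for name, (ruri, routes) in cases.items():
        transport, target, _ = route_in_dialog(ruri, routes)
        print(f"{name}: forward to {target} over {transport}")
```

The sips Request-URI only forces TLS on the hop toward the client; the hop toward the gateway is chosen from the gateway's own sip Contact, so the UDP leg is unaffected.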