Juha Heinanen wrote:
> Martin Hoffmann writes:
>> I think the upshot of it all is that there is no more transport=tls. If you want TLS, you have to use the sips scheme with transport=tcp; if you want DTLS, you do sips with transport=udp.
>
> i don't agree with the above.

If I understand things correctly, the above is the intent of the standardization body in charge of SIP.

> for example, no matter which transport a request arrives to a proxy, the next hop proxy may be only reachable over tls, in which case i would use ;transport=tls.

Well, you shouldn't. You should use transport=tcp, because that is the transport protocol you are using. That you want this encrypted is indicated by the sips scheme of your SIP URI. Also, if your next hop is only reachable via TLS, and yet the transport parameter and schema indicate unencrypted TCP, what stops you from using the TLS connection you have?
Only the opposite is a problem because you would degenerate the security status of your transmission and that is prohibited by the sips scheme.
Regards, Martin
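
The rule argued in the message above, written out as an added Python example (not code from the thread or from any SIP stack): the scheme decides whether encryption is required, the transport parameter names only the transport protocol, and a connection may be reused as long as that does not downgrade a sips URI. The names `Hop`, `parse_hop` and `may_use_connection`, the host `proxy.example.com`, the default transport when the parameter is absent, and the mapping of a legacy `transport=tls` to TLS over TCP are assumptions of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    transport: str  # "tcp" or "udp": the transport protocol itself
    secure: bool    # True: TLS (over tcp) or DTLS (over udp) is required


def parse_hop(uri: str) -> Hop:
    """Derive transport and security requirement from a SIP/SIPS URI."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError(f"not a SIP URI: {uri!r}")
    rest = rest.split("?", 1)[0]       # drop URI headers
    hostpart = rest.rpartition("@")[2]  # drop userinfo, which may hold ';'
    params = {}
    for item in hostpart.split(";")[1:]:
        name, _, value = item.partition("=")
        params[name.lower()] = value.lower()
    secure = scheme == "sips"
    transport = params.get("transport")
    if transport == "tls":
        # Legacy value (assumption): read it as TLS over TCP.
        transport, secure = "tcp", True
    if transport is None:
        # Simplified default (assumption); real stacks resolve this via DNS.
        transport = "tcp" if secure else "udp"
    if transport not in ("tcp", "udp"):
        raise ValueError(f"unsupported transport: {transport!r}")
    return Hop(transport, secure)


def may_use_connection(uri: str, conn_transport: str, conn_encrypted: bool) -> bool:
    """An encrypted connection may serve a plain sip URI; the reverse is a downgrade."""
    hop = parse_hop(uri)
    if conn_transport != hop.transport:
        return False
    return conn_encrypted or not hop.secure


if __name__ == "__main__":
    # Constructed sample URIs.
    for u in ("sips:proxy.example.com;transport=tcp",
              "sips:proxy.example.com;transport=udp",
              "sip:proxy.example.com;transport=tls"):
        print(u, "->", parse_hop(u))
```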