Hi,
Minisip (and any other phone that fully supports tls) can do both.
Use TLS as the transport layer, authenticate the server cert against
the locally trusted root certs, and if given a client cert, it will
send it to the server for client authentication (that is, to openser).
All this during the tls handshake.
Now, once tls is established, it is up to the proxy whether it
challenges the client for digest authentication. That is, it is up to
you. If you set a proxy so that it only accepts tls connections, use
mutual tls auth for client and server ... you may choose not to
challenge with digest on top of that. But, as it is of now in
ser/openser ... i would still challenge, as tls is loosely coupled with
the subscribers data you have in your database.
Hope it helps,
Cesc
i understand, minisip softphone can initiate TLS connection.
and it can be authenticated by the openser via digest authentication.
is it possible to use certificate instead of digest authentication?
--
Girish