Hi,

Minisip (and any other phone that fully supports tls) can do both.
Use TLS as the transport layer, authenticate the server cert against the locally trusted root certs, and if given a client cert, it will send it to the server for client authentication (that is, to openser). All this during the tls handshake.

Now, once tls is established, it is up to the proxy whether it challenges the client for digest authentication. That is, it is up to you. If you set a proxy so that it only accepts tls connections, use mutual tls auth for client and server ... you may choose not to challenge with digest on top of that. But, as it is of now in ser/openser ... i would still challenge, as tls is loosely coupled with the subscribers data you have in your database.

Hope it helps,

Cesc


On 10/14/05, Girish Nayak <girish@isphone.net> wrote:
i understand, minisip softphone can initiate TLS connection.
and it can be authenticated by the openser via digest authentication.

is it possible to use certificate instead of digest authentication?
--
Girish