Ferianto siregar wrote:
Dear all,
Thank you very much for all your time to read this message.
All, I now have problem with TLS security concept. I have tried to read
the tutorial (tls.html) from
www.openser.org. <http://www.openser.org./>
I have read it many times. But, I still confused to undestand it. Would
you mind help me, Please?
Here are my questions:
1. How can we evidence that the communication that using TLS is secure
communication? (Real proof)
If the communication is via TLS, then it is secure. If you really want
to know how secure this is, you will find lots of theoretical analysis
of SSL/TLS and the ciphers used in this connections.
2. When using TLS, how can we know that the
communication has been
eavesdropped?
What do you mean with eavesdropped? Do you mean sniffing the TLS
packets? You can not know if the packets were sniffed somewhere - but
you do not care as the payload is encrypted.
Maybe someone can encrypt the payload when having lots of CPU power and
lots of time. For this refer to 1.
3. Is TLS just use port 5061? If yes? How can TLS can
protect the
communication from sniffer who knows TLS using port 5061?
You do not have to protect - it is encrypted.
4. What kind of type encryption that TLS use?
There are lots of possible ciphers in openssl stack. Use ssldump to wath
the TLS handshake. It will tell you which cipher suite is used. You can
find available cipher suites here:
http://www.openssl.org/docs/apps/ciphers.html
5. What sofware that we can use to test for making a
call in opeser with
TLS support? I have tried minisip, but I always get error
message..Please...
eyebeam (commercial, but not that expensive)
windows messenger (but I think it does not work with TLS 1.0, but need
openssl 2.0 connections)
SNOM phones do support TLS - there is a free SNOM softphone available.
Maybe this supports TLS too.
regards
klaus