Ferianto siregar wrote:

Dear all,

Thank you very much for all your time to read this message. All, I now have problem with TLS security concept. I have tried to read the tutorial (tls.html) from www.openser.org. http://www.openser.org./ I have read it many times. But, I still confused to undestand it. Would you mind help me, Please?

Here are my questions:

1. How can we evidence that the communication that using TLS is secure

communication? (Real proof)

If the communication is via TLS, then it is secure. If you really want to know how secure this is, you will find lots of theoretical analysis of SSL/TLS and the ciphers used in this connections.

2. When using TLS, how can we know that the communication has been

eavesdropped?

What do you mean with eavesdropped? Do you mean sniffing the TLS packets? You can not know if the packets were sniffed somewhere - but you do not care as the payload is encrypted.

Maybe someone can encrypt the payload when having lots of CPU power and lots of time. For this refer to 1.

3. Is TLS just use port 5061? If yes? How can TLS can protect the

communication from sniffer who knows TLS using port 5061?

You do not have to protect - it is encrypted.

4. What kind of type encryption that TLS use?

There are lots of possible ciphers in openssl stack. Use ssldump to wath the TLS handshake. It will tell you which cipher suite is used. You can find available cipher suites here: http://www.openssl.org/docs/apps/ciphers.html

5. What sofware that we can use to test for making a call in opeser with

TLS support? I have tried minisip, but I always get error message..Please...

eyebeam (commercial, but not that expensive) windows messenger (but I think it does not work with TLS 1.0, but need openssl 2.0 connections) SNOM phones do support TLS - there is a free SNOM softphone available. Maybe this supports TLS too.

regards klaus