[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jul 6 12:28:23 CEST 2011


Inaki, how can we deal with this scenario:

Client uses TLS to the proxy. Between proxy and gateway UDP is used.

In a deprecated way I would use:
INVITE sip:12345@domain
Route: sip:domain;transport=tls
Contact: sip:1.2.3.4:5678;transport=tls


In the standardized way I think I have to use:
INVITE sip:12345@domain
Route: sips:domain;transport=tcp
Contact: sips:1.2.3.4:5678;transport=tcp

Thus, a reINVITE would have an RURI with "sips". Wouldn't this imply that
TLS must be used all the way and that the reINVITE would fail, as the
gateway only supports UDP?

regards
Klaus


On 06.07.2011 10:32, Iñaki Baz Castillo wrote:
> 2011/7/6 Klaus Darilion <klaus.mailinglists at pernau.at>:
>> If you do not change the RURI but add a Route header with "sips:" then
>> it would influence only the next hop.
> 
> Mmmm, imagine this INVITE sent by a UA via TLS:
> 
>   INVITE sip:bob@domain.com
>   Via: SIP/2.0/TLS
>   Route: <sips:myproxy>
>   Contact: <sip:alice@1.2.3.4>
> 
> In this case, the UA would send the INVITE via TCP but an in-dialog
> request from the remote would be delivered by the proxy to alice via
> UDP (the Contact header).
> 
> AFAIK RFC 5630 states that, in order to send a request via TLS
> (without requiring security in all the path) the UAC must use:
> 
>   INVITE sip:bob@domain.com
>   Via: SIP/2.0/TLS
>   Contact: <sips:alice@1.2.3.4>
> 
> 
> 


