[sr-dev] TLS: Sip-Routers adds a Record-Route with "sip" scheme rather than "sips"

Iñaki Baz Castillo ibc at aliax.net
Wed Jul 6 12:56:59 CEST 2011


2011/7/6 Klaus Darilion <klaus.mailinglists at pernau.at>:
> Inaki, how can we deal with this scenario:
>
> Client uses TLS to the proxy. Between proxy and gateway UDP is used.
>
> In a deprecated way I would use:
> INVITE sip:12345@domain
> Route: sip:domain;transport=tls
> Contact: sip:1.2.3.4:5678;transport=tls
>
>
> In the standardized way I think I have to use:
> INVITE sip:12345@domain
> Route: sips:domain;transport=tcp
> Contact: sips:1.2.3.4:5678;transport=tcp

The Route can be removed, the only important header would be:

  Via: SIP/2.0/TLS...


>
> Thus, reINVITE would have RURI with "sips". Wouldn't this imply that all
> the way TLS must be used and reINVITE fail as the gateway only supports UDP?

No, because the re-INVITE will contain some Route headers, the first
one with sips schema (leg client<->proxy), which is removed by the
proxy (it's itself). The second one with sip schema (leg proxy<->gw),
which would also be removed (double Record-Route mechanism as there is
transport change).

Explained in more detail:



Initial INVITE Client -> Proxy (TLS)
-----------------------------------------

INVITE sip:12345@domain
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...



Initial INVITE Proxy -> GW (UDP)
-----------------------------------------
INVITE sip:12345@GW
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...
Record-Route: sip:PROXY;transport=udp
Record-Route: sips:PROXY;transport=tcp



200 from GW -> Proxy (UDP)
----------------------------------------

SIP/2.0 200 OK
Contact: sip:12345@GW;transport=udp



BYE from GW -> Proxy (UDP)
------------------------------------------

BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/UDP...
Route: sip:PROXY;transport=udp
Route: sips:PROXY;transport=tcp


The proxy removes both Route headers, so just the RURI remains. It
contains sips with ;transport=tcp, so uses TLS over TCP.



BYE from Proxy -> Client (TLS)
-----------------------------------------

BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/TLS...



or BYE from Client -> Proxy (TLS)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/TLS...
Route: sips:PROXY;transport=tcp
Route: sip:PROXY;transport=udp



Proxy removes both Route headers so inspects RURI which uses "udp":


BYE from Proxy -> GW (UDP)
----------------------------------------
BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/UDP...




So, there is no need at all for ;transport=tls, which in fact, does NOT exist.


Cheers.


-- 
Iñaki Baz Castillo
<ibc at aliax.net>
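
Added example (not part of the original message, and not sip-router code): a small Python model of the proxy behaviour described above, building the double Record-Route on a TLS-to-UDP transport change and then routing the two BYE requests. The function names are hypothetical, the host name PROXY and the URIs are the placeholders used in the message, and `;lr` is omitted as it is there.

```python
PROXY = "PROXY"  # placeholder host name, as in the message above

def parse_uri(uri):
    """Split a SIP/SIPS URI into (scheme, host[:port], params)."""
    scheme, rest = uri.strip().strip("<>").split(":", 1)
    hostpart, *raw = rest.split(";")
    params = dict(p.split("=", 1) if "=" in p else (p, "") for p in raw)
    params = {k.lower(): v.lower() for k, v in params.items()}
    return scheme.lower(), hostpart.split("@")[-1], params

def wire_transport(uri):
    """Transport used to send a request to this URI."""
    scheme, _, params = parse_uri(uri)
    if scheme == "sips":
        return "TLS"  # the scheme selects TLS; ;transport=tcp names the carrier under it
    return params.get("transport", "udp").upper()

def record_routes(inbound, outbound, self_host=PROXY):
    """Record-Route values the proxy adds to an initial request, top first."""
    def rr(transport):
        if transport == "TLS":
            return f"sips:{self_host};transport=tcp"
        return f"sip:{self_host};transport={transport.lower()}"
    out, inn = rr(outbound), rr(inbound)
    # One entry per leg, but only when the two legs differ (transport change).
    return [out] if out == inn else [out, inn]

def route_in_dialog(request_uri, routes, self_host=PROXY):
    """Loose-route an in-dialog request at the proxy.

    Returns (next_hop_uri, transport, remaining_routes)."""
    remaining = list(routes)
    # Strip every top Route entry that names this proxy (two after a double
    # Record-Route), then route on what is left, or on the Request-URI.
    while remaining and parse_uri(remaining[0])[1] == self_host:
        remaining.pop(0)
    next_hop = remaining[0] if remaining else request_uri
    return next_hop, wire_transport(next_hop), remaining

if __name__ == "__main__":
    rr = record_routes("TLS", "UDP")  # client leg TLS, gateway leg UDP
    print(rr)
    # BYE from the gateway: Route set in Record-Route order.
    print(route_in_dialog("sips:1.2.3.4:5678;transport=tcp", rr))
    # BYE from the client: Route set reversed.
    print(route_in_dialog("sip:12345@GW;transport=udp", rr[::-1]))
```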