[Serusers] TLS support in SER

Klaus Darilion klaus.mailinglists at pernau.at
Fri Jan 27 16:53:24 CET 2006 

Atle Samuelsen wrote:
> Hi Klaus, 
> 
> That's a good Question :p I've never tried it.. Hopefully it works :-) 
> 
> Regarding Cesc's answer,, I dont have the slightest clue if it would
> update the timer.. but, I guess it would :-)

I think any read/write on a TCP connection will update the timer.

regards
klaus

> 
> -Atle
> 
> * Klaus Darilion <klaus.mailinglists at pernau.at> [060127 13:40]:
> 
>>So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
>>
>>regards
>>klaus
>>
>>Cesc wrote:
>>
>>>I have never tried because we don't have nats in my project. Now, if
>>>the natping thing updates de expire-timer that the ser tcp core keeps
>>>(in the tcp_conn object list), then there is no problem.
>>>I mean, the problem is not the nat machine closing the binding ... the
>>>problem is ser executing a "close" on the socket. This may either then
>>>shutdown the nat binding, or in most end-points mean that no incoming
>>>connections can be accepted (most end-points do not support incoming
>>>tls call establishment ... they can only connect to a tls server, that
>>>is, a sip proxy).
>>>Regards,
>>>Cesc
>>>On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
>>>
>>>>Hi Cesc,
>>>>
>>>>cant this be "fixed" with haveing the natping from server-side? (like
>>>>sending options requests every say 80 sec? (or even more if you adjust
>>>>it in the ser's source?)
>>>>
>>>>-Atle
>>>>
>>>>* Cesc <cesc.santa at gmail.com> [060127 09:19]:
>>>>
>>>>
>>>>>Mmm ... one comes to mind ...
>>>>>ser/openser will close the tcp/tls connection after a couple minutes
>>>>>of inactivity by the phone ... thus, you either change this in ser's
>>>>>source code or you force your phone to re-register every 90 seconds or
>>>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
>>>>>cannot be reached (for incoming calls).
>>>>>
>>>>>Cesc
>>>>>
>>>>>On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
>>>>>
>>>>>
>>>>>>thanks for the pointer.
>>>>>>
>>>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
>>>>>>sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
>>>>>>UDP only.
>>>>>>
>>>>>>- ming
>>>>>>
>>>>>>Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>>>>>Yi Zheng wrote:
>>>>>>
>>>>>>
>>>>>>>Hi,
>>>>>>>
>>>>>>>I am wondering whether SER has any support for TLS as a security
>>>>>>>mechanism? Thanks,
>>>>>>
>>>>>>Yes. It is in the experimental tree:
>>>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>>>>>>
>>>>>>You can also try openser, which has TLS integrated in the stable version
>>>>>>1.0.0
>>>>>>
>>>>>>regards
>>>>>>klaus
>>>>>>
>>>>>>
>>>>>>_______________________________________________
>>>>>>Serusers mailing list
>>>>>>serusers at lists.iptel.org
>>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Serusers mailing list
>>>>>serusers at lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>>
>>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> 
>

More information about the sr-users mailing list