[Users] TLS communication between OpenSER servers
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Apr 19 16:02:52 CEST 2007
It depends on how the call is forwarded from proxy1 to proxy2. If you
manually rewrite the URI, make sure the new URI has the transport=tls
parameter.
If the call is just relayed (e.g. client1 calls
client2 at proxy2.domain.com) then openser forwards according to RFC3263.
Thus, you have to make sure that there is a NAPTR record for the domain
with TLS as the most preferred protocol.
regards
klaus
John Barry wrote:
> Hi,
>
> I have configured two SIP domains using OpenSER v 1.1.1 with
> authentication (digest authentication) and TLS support. Each domain has
> clients (UAC) running minisip (3220) with TLS and certificates
> configured. When there is a call between a user from one domain to a
> user in the other domain, the SIP communications between minisip clients
> and their corresponding OpenSER proxies is done via TLS (port 5061/TCP),
> however, the SIP communication between the two OpenSER proxies is still
> done via UDP (port 5060/UDP).
>
> The TLS configuration in both servers is as follows:
>
> disable_tls = 0
> listen = tls:192.168.1.10:5061
> tls_verify_server = 1
> tls_verify_client = 1
> tls_require_client_certificate = 1
> tls_method = TLSv1
> tls_certificate = "/etc/openser/tls/sipdA/sipdA-cert.pem"
> tls_private_key = "/etc/openser/tls/sipdA/sipdA-privkey.pem"
> tls_ca_list = "/etc/openser/tls/sipdA/sipdA-calist.pem"
>
>
> Any ideas or suggestions regarding how to enable SIPS (TLS) between
> OpenSER SIP proxies?
>
> Thanks.
> JB74
>
> _________________________________________________________________
> Live Search, for accurate results! http://www.live.nl
>
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
More information about the sr-users
mailing list