[Users] TLS : Please help for TLS concept

Klaus Darilion klaus.mailinglists at pernau.at
Fri Sep 29 09:44:35 CEST 2006


Ferianto siregar wrote:
> Dear all,
> 
> Thank you very much for all your time to read this message.
> All, I now have a problem with the TLS security concept. I have tried to read 
> the tutorial (tls.html) from www.openser.org. <http://www.openser.org./>
> I have read it many times. But I am still confused trying to understand it. Would 
> you mind helping me, please?
> 
> Here are my questions:
> 1. How can we evidence that communication using TLS is secure 
> communication? (Real proof)

If the communication is via TLS, then it is secure. If you really want 
to know how secure this is, you will find lots of theoretical analysis 
of SSL/TLS and the ciphers used in these connections.

> 2. When using TLS, how can we know that the communication has been 
> eavesdropped?

What do you mean by eavesdropped? Do you mean sniffing the TLS 
packets? You cannot know if the packets were sniffed somewhere - but 
you do not care as the payload is encrypted.

Maybe someone can encrypt the payload when having lots of CPU power and 
lots of time. For this refer to 1.

> 3. Does TLS just use port 5061? If yes, how can TLS protect the 
> communication from a sniffer who knows TLS is using port 5061?

You do not have to protect - it is encrypted.

> 4. What type of encryption does TLS use?

There are lots of possible ciphers in the openssl stack. Use ssldump to watch 
the TLS handshake. It will tell you which cipher suite is used. You can 
find available cipher suites here:
http://www.openssl.org/docs/apps/ciphers.html

> 5. What software can we use to test making a call in openser with 
> TLS support? I have tried minisip, but I always get an error 
> message..Please... 

eyebeam (commercial, but not that expensive)
windows messenger (but I think it does not work with TLS 1.0, but needs 
openssl 2.0 connections)
SNOM phones do support TLS - there is a free SNOM softphone available. 
Maybe this supports TLS too.

regards
klaus





