[asterisk-dev] SRTP, Sdescriptions, and TLS

Mikael Magnusson mikma264 at gmail.com
Tue Nov 6 09:47:14 CST 2007

Mohammad Halawah wrote:
> Hello everyone,
> I know that Asterisk has a patch to enable SRTP with Sdecriptions as
> mentioned in http://bugs.digium.com/view.php?id=5413
> I know also that there is a working patch for TLS as Russel mentioned
> (9th July 2007) in
> http://lists.digium.com/pipermail/asterisk-dev/2007-July/028454.html
> which is made for revision 88524 as can be seen in
> http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls.
> Additionally, in this link http://bugs.digium.com/view.php?id=4903 , I
> found two patches dated after 9th July.
> I think that I can use asterisk on this link
> http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls/ and patch
> it with the SRTP patch "ast_srtp_r81432_mikey_r3412.patch" located
> here http://bugs.digium.com/view.php?id=5413 . Does that make sense?
 > I would appreciate someone help me finding the right combination of
 > trunk/revision/patch. Thanks in advance.

I haven't tried to apply the SRTP patch on the sip-tcptls branch, you 
may need to deal with conflicts since both touch chan_sip.

An alternative approach is to use a SIP proxy to translate between TLS 
and UDP, for example openser or yxa. Of course you need to secure the 
link between Asterisk and the proxy, maybe by running both on the same host.

I would like to add that the SRTP patch besides sdescriptions also 
supports MIKEY (Multimedia KEYing), which doesn't require a secure 
transport such as TLS or S/MIME.


More information about the asterisk-dev mailing list