[asterisk-dev] SRTP, Sdescriptions, and TLS
Mikael Magnusson
mikma264 at gmail.com
Tue Nov 6 09:47:14 CST 2007
Mohammad Halawah wrote:
> Hello everyone,
>
...
> I know that Asterisk has a patch to enable SRTP with Sdecriptions as
> mentioned in http://bugs.digium.com/view.php?id=5413
>
> I know also that there is a working patch for TLS as Russel mentioned
> (9th July 2007) in
> http://lists.digium.com/pipermail/asterisk-dev/2007-July/028454.html
> which is made for revision 88524 as can be seen in
> http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls.
>
> Additionally, in this link http://bugs.digium.com/view.php?id=4903 , I
> found two patches dated after 9th July.
>
> I think that I can use asterisk on this link
> http://svn.digium.com/svn/asterisk/team/bbryant/sip-tcptls/ and patch
> it with the SRTP patch "ast_srtp_r81432_mikey_r3412.patch" located
> here http://bugs.digium.com/view.php?id=5413 . Does that make sense?
>
> I would appreciate someone help me finding the right combination of
> trunk/revision/patch. Thanks in advance.
>
I haven't tried to apply the SRTP patch on the sip-tcptls branch, you
may need to deal with conflicts since both touch chan_sip.
An alternative approach is to use a SIP proxy to translate between TLS
and UDP, for example openser or yxa. Of course you need to secure the
link between Asterisk and the proxy, maybe by running both on the same host.
I would like to add that the SRTP patch besides sdescriptions also
supports MIKEY (Multimedia KEYing), which doesn't require a secure
transport such as TLS or S/MIME.
Regards,
Mikael
More information about the asterisk-dev
mailing list