[asterisk-users] SIP TLS question for asterisk 11

Panos Augerinos panos.augerinos at gmail.com
Sun Feb 16 03:48:29 CST 2014


Hi All,

I'm in the middle of an Asterisk installation/configuration for my company
and I'm testing the TLS configuration.
For this reason, I used the ast_tls_cert script to build the ssl
certificates for my server.

In the sip.conf file:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1

and on my extension number configuration:
transport=tls

Finally, my phone registered successfully on my Asterisk server.
But during my tests, after I switched on SIP debug mode, I saw
that the Register uses TLS and the Subscribe uses UDP. Please check the
debug output below:

1. REGISTER: sip:voip1;transport=tls;lr SIP/2.0
Via: SIP/2.0/TLS xxx.xxx.xxx.xxx:37156;rport;branch=z9hG4bKPjoCCw0.LEC-qhSMVBqFcWE8K4.jeEqwpI;alias
Authorization: Digest username="2224", realm="asterisk", nonce="22603797",
uri="sip:voip1;transport=tls;lr",
response="125b4df1280600f6dfaf8313ffe6d7cb", algorithm=MD5

2. SUBSCRIBE sip:2224@voip1 SIP/2.0
Authorization: Digest username="2224", realm="asterisk", nonce="0eacf511",
uri="sip:2224@xxx.xxx.xxx.xxx",
response="8c8f98e83f215f25359d3c67fffb0eac", algorithm=MD5

In the case of the Subscribe, I have the extension's password in clear text.
I'm not sure if this is correct or if I have to make any other modifications
on my PBX to protect the Subscribe.

I would appreciate it if you have any thoughts that may help.

Regards,
Panos
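
Added example, not part of the original post and not Asterisk code: one way to check a SIP debug capture for the situation described above is to read the transport from each request's topmost Via header and flag requests that carry Digest credentials outside TLS. The sample capture is constructed, and the function name and verdict labels are hypothetical.

```python
import re

# Constructed sample shaped like the request excerpts in the post (192.0.2.0/24 is documentation space).
SAMPLE = """\
REGISTER sip:voip1;transport=tls;lr SIP/2.0
Via: SIP/2.0/TLS 192.0.2.10:37156;rport;branch=z9hG4bKaaaa;alias
Authorization: Digest username="2224", realm="asterisk", nonce="11111111",
 uri="sip:voip1;transport=tls;lr", response="00000000000000000000000000000000", algorithm=MD5

SUBSCRIBE sip:2224@voip1 SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;rport;branch=z9hG4bKbbbb
Authorization: Digest username="2224", realm="asterisk", nonce="22222222",
 uri="sip:2224@192.0.2.1", response="ffffffffffffffffffffffffffffffff", algorithm=MD5

SUBSCRIBE sip:2224@voip1 SIP/2.0
Authorization: Digest username="2224", realm="asterisk", nonce="33333333"
"""

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
VIA = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/([A-Za-z]+)", re.I)
AUTH = re.compile(r"^(?:Proxy-)?Authorization\s*:\s*Digest\b", re.I)

def audit_sip_transports(debug_text):
    """Return (method, via_transport, has_digest, verdict) for each SIP request."""
    results = []
    for block in re.split(r"\n\s*\n", debug_text.strip()):
        lines = block.splitlines()
        m = REQUEST_LINE.match(lines[0].strip())
        if not m:
            continue  # responses and other debug lines are skipped
        transport, has_digest = None, False
        for line in lines[1:]:
            via = VIA.match(line)
            if via and transport is None:  # topmost Via is the last hop's transport
                transport = via.group(1).upper()
            if AUTH.match(line):
                has_digest = True
        if transport is None:
            verdict = "unknown-transport"   # excerpt has no Via line: cannot tell
        elif has_digest and transport != "TLS":
            verdict = "digest-outside-tls"  # credentials header seen on UDP/TCP
        else:
            verdict = "ok"
        results.append((m.group(1), transport, has_digest, verdict))
    return results

if __name__ == "__main__":
    for row in audit_sip_transports(SAMPLE):
        print(row)
```

A request excerpt with no Via line, like the SUBSCRIBE quoted in the post, is reported as unknown-transport rather than guessed.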