panos.augerinos at gma... Guest
Posted: Sun Feb 16, 2014 4:46 am Post subject: [asterisk-users] SIP TLS question for asterisk 11
Hi All,
I'm in the middle of an Asterisk installation/configuration for my company and I'm testing the TLS configuration.
For this reason, I used the ast_tls_cert script to build the SSL certificates for my server.
In the sip.conf file:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
and on my extension number configuration:
transport=tls
Finally, my phone was registered successfully on my asterisk server.
But during my tests, with SIP debug mode switched on, I saw that on REGISTER I have TLS and on SUBSCRIBE I have UDP. Please check the debug output below:
1. REGISTER: sip:voip1;transport=tls;lr SIP/2.0
Via: SIP/2.0/TLS xxx.xxx.xxx.xxx:37156;rport;branch=z9hG4bKPjoCCw0.LEC-qhSMVBqFcWE8K4.jeEqwpI;alias
Authorization: Digest username="2224", realm="asterisk", nonce="22603797", uri="sip:voip1;transport=tls;lr", response="125b4df1280600f6dfaf8313ffe6d7cb", algorithm=MD5
2. SUBSCRIBE sip:2224@voip1 SIP/2.0
Authorization: Digest username="2224", realm="asterisk", nonce="0eacf511", uri="sip:2224@xxx.xxx.xxx.xxx", response="8c8f98e83f215f25359d3c67fffb0eac", algorithm=MD5
In the case of the SUBSCRIBE, I have the extension's password in clear text. I'm not sure if this is correct or if I have to do any other modifications on my PBX to protect the SUBSCRIBE.
I would appreciate it if you have some thoughts that may help.
Regards,
Panos
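
An added example, not part of the original post: a small Python check over SIP debug output that reports the transport each request arrived on (taken from the topmost Via header) and flags requests that carry an Authorization header outside TLS. The sample messages, addresses, header values and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample of SIP debug output (addresses and digest values are made up).
SAMPLE = """\
REGISTER sip:voip1;transport=tls;lr SIP/2.0
Via: SIP/2.0/TLS 192.0.2.10:37156;rport;branch=z9hG4bKaaa;alias
Authorization: Digest username="2224", realm="asterisk", nonce="11111111", uri="sip:voip1;transport=tls;lr", response="00000000000000000000000000000000", algorithm=MD5

SUBSCRIBE sip:2224@voip1 SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;rport;branch=z9hG4bKbbb
Authorization: Digest username="2224", realm="asterisk", nonce="22222222", uri="sip:2224@192.0.2.10", response="ffffffffffffffffffffffffffffffff", algorithm=MD5
"""

REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
VIA = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", re.I)
AUTH = re.compile(r"^(?:Proxy-)?Authorization\s*:", re.I)
SECURE = {"TLS", "WSS"}  # Via transport tokens that run over TLS

def audit(text):
    """Return one dict per SIP request: method, uri, transport, auth, finding."""
    results, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("SIP/2.0 "):      # a response: do not attribute its headers
            cur = None
            continue
        m = REQUEST_LINE.match(line)
        if m:
            cur = {"method": m.group(1), "uri": m.group(2), "transport": None, "auth": False}
            results.append(cur)
            continue
        if cur is None:
            continue
        v = VIA.match(line)
        if v and cur["transport"] is None:   # topmost Via = hop that sent this request
            cur["transport"] = v.group(1).upper()
        elif AUTH.match(line):
            cur["auth"] = True
    for r in results:
        if r["transport"] is None:
            r["finding"] = "transport unknown"
        elif r["transport"] in SECURE:
            r["finding"] = "ok"
        else:
            r["finding"] = "auth header outside TLS" if r["auth"] else "not TLS"
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f'{r["method"]:<10} via={r["transport"]} auth={r["auth"]} -> {r["finding"]}')
```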