[Freeswitch-users] TLS receiving calls

Thomas Troy ttroy50 at gmail.com
Mon Dec 1 08:42:30 PST 2008


I don't have that set; however, I'm not trying to use SRTP yet. At the moment
I'm just trying to use Secure SIP.

That section of my dial plan is

      <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
        <action application="set" data="sip_secure_media=true"/>
        <!-- Offer SRTP on outbound legs if we have it on inbound. -->
        <!-- <action application="export" data="sip_secure_media=true"/> -->
      </condition>

The TLS part of my internal.xml is now

    <!-- TLS: disabled by default, set to "true" to enable -->
    <param name="tls" value="true"/>
    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value=""/>
    <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
    <param name="tls-sip-port" value="$${internal_tls_port}"/>
    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
    <param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
    <param name="tls-version" value="$${sip_tls_version}"/>


I also tried with

    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value="transport=tls"/>

On Mon, Dec 1, 2008 at 3:47 PM, Peter P GMX <Prometheus001 at gmx.net> wrote:

> Did you add
> <action application="export" data="sip_secure_media=true"/>
> into your dialplan before bridging that call? How is your internal.conf,
> is TLS enabled there?
>
> Best regards
> Peter
>
> matrim wrote:
> > Hi,
> >
> > I'm having problems using TLS to receive calls.
> >
> > I'm using a Nokia N95 to test TLS against freeswitch. I can register my
> > client against freeswitch and make outbound calls to the test numbers
> > (e.g. 9999).
> >
> > I can also make calls to other users registered over UDP.
> >
> > However if I try to make a call to a user registered over TLS the leg of
> > the call to that user always goes via UDP.
> >
> > e.g.
> >
> > 1000 registered via TLS
> > 1001 registered via TLS
> > 1002 registered via UDP
> > 1003 registered via UDP
> >
> > 1000 -> 1002 works ok
> > 1003 -> 1002 works ok
> >
> > 1001 -> 1000 Doesn't work. The leg of the call between freeswitch and
> > 1000 tries to set up via UDP
> > 1002 -> 1000 Doesn't work. The leg of the call between freeswitch and
> > 1000 tries to set up via UDP
> >
> > ===
> >
> >
> > From looking at some of the documentation it seems to me that the issue
> > may be with the "tls-bind-params" being "transport=tls".
> >
> > The phone I'm using doesn't add the "transport=tls" parameter, and only
> > uses "sips:" to specify that the connection is via TLS.
> >
> > I tried setting "tls-bind-params" to a blank string but it didn't change
> > anything. Is there any way to receive calls over TLS if you don't specify
> > "transport=tls" in your contact string during registration?
> >
> > According to RFC3261 the use of the "transport=tls" parameter isn't
> > recommended anymore and is now deprecated.
> >
> >
> >
>
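The sips:-only registration described in the quoted message, as an added example that is not part of the original thread and is not FreeSWITCH code: a Python check that classifies Contact values by the transport they request and lists users whose contact is TLS solely through the sips: scheme. The sample contacts, addresses and function names are constructed, and UDP as the default for a plain sip: URI is an assumption.

```python
import re

# Constructed sample registrations (user, Contact header value); the
# addresses are documentation-range placeholders, not from the thread.
SAMPLE = [
    ("1000", "<sips:1000@192.0.2.10:5061>"),               # sips: only
    ("1001", "<sip:1001@192.0.2.11:5061;transport=tls>"),  # legacy parameter
    ("1002", "<sip:1002@192.0.2.12:5060>;expires=3600"),   # plain sip:
    ("1003", "sip:1003@192.0.2.13;transport=tls"),         # no angle brackets
]

BRACKETED = re.compile(r"<\s*([^>]+?)\s*>")

def parse_contact(contact):
    """Return (scheme, uri_params) for a Contact header value."""
    m = BRACKETED.search(contact)
    if m:
        uri = m.group(1)
    else:
        # RFC 3261 section 20.10: without <>, parameters after the URI
        # belong to the header, not the URI, so they are dropped here.
        uri = contact.strip().split(";", 1)[0]
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError("not a SIP URI: %r" % contact)
    # Drop URI headers after '?', then the user part before the last '@'.
    hostpart = rest.split("?", 1)[0].rsplit("@", 1)[-1]
    params = {}
    for item in hostpart.split(";")[1:]:
        name, _, value = item.partition("=")
        params[name.strip().lower()] = value.strip().lower()
    return scheme, params

def contact_transport(contact):
    """'tls' for sips: or transport=tls, else the transport parameter,
    else 'udp' (the default assumed in this example)."""
    scheme, params = parse_contact(contact)
    transport = params.get("transport", "")
    if scheme == "sips" or transport == "tls":
        return "tls"
    return transport or "udp"

def tls_by_scheme_only(registrations):
    """Users whose contact is TLS solely because of the sips: scheme."""
    return [user for user, contact in registrations
            if parse_contact(contact)[0] == "sips"
            and parse_contact(contact)[1].get("transport") != "tls"]
```

Run against an export of registered contacts, `tls_by_scheme_only` names the endpoints that a filter matching only `transport=tls` would treat as non-TLS.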