[Freeswitch-users] SIP Contact Header Issue When Using TLS

Michael Jerris mike at jerris.com
Tue Mar 25 20:22:58 MSK 2014


sips: should not make a difference; however, take a look at bind-params and tls-bind-params.

https://wiki.freeswitch.org/wiki/Sofia.conf.xml

On Mar 25, 2014, at 1:15 PM, JP <jaykris at gmail.com> wrote:

> Is there any way to specify the full contact header in a UA profile that the SIP stack will use when formulating messages?  Specifically, have it use "sips" instead of "sip" as the protocol scheme?
>
> I'm trying to establish an INVITE dialog between 2 FreeSWITCH servers using a client authenticated TLS handshake.
>
> To accomplish this, I've created 2 UA profiles on both servers - one to fulfill the role of the UAC (i.e. tls-uac.xml) and one to implement the UAS (i.e. tls-uas.xml).  Here are the relevant parameters from both profiles:
>
> tls-uac.xml:
>
>             <param name="sip-port" value="5081"/>
>             <param name="tls" value="true"/>
>             <param name="tls-only" value="true"/>
>             <param name="tls-sip-port" value="5082"/>
>             <param name="tls-cert-dir" value="$${base_dir}/conf/tls/uac"/>
>
> tls-uas.xml:
>
>             <param name="sip-port" value="5081"/>
>             <param name="tls" value="true"/>
>             <param name="tls-only" value="true"/>
>             <param name="tls-sip-port" value="5081"/>
>             <param name="tls-cert-dir" value="$${base_dir}/conf/tls/uas"/>
>
> The problem already starts when "tls-uac" sends a non-secure SIP URI in the contact header of its initial INVITE request (i.e. sip:mod_sofia@10.191.210.150:5081).  But the more immediate issue is that "tls-uas" also responds with a non-secure SIP URI in the contact header of its final response (i.e. sip:14086805675@10.191.210.151:5081;transport=udp).  This causes "tls-uac" to send its ACK to the right port number (i.e. 5081) but on the wrong transport (i.e. UDP instead of TCP/TLS).
>
> I've seen in the FS documentation that there are ways to manipulate the contact header through the dial plan, but I'd really prefer not to do it this way.  Any suggestions?
>
> Thanks
>
> JP
> 
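
The failure described in the quoted message comes from in-dialog requests (such as the ACK to a 2xx) being sent to the peer's Contact URI, so a `sip:` Contact with `;transport=udp` pulls the dialog off TLS. The check below is an added example, not part of the thread and not FreeSWITCH code: `audit_contact` is a hypothetical helper, the sample messages are constructed around the two URIs quoted above, and the policy it applies (a Contact on a TLS-only leg must be `sips:` or carry `transport=tls`) is an assumption.

```python
import re

# Contact header (or its compact form "m"), matched per line.
CONTACT_RE = re.compile(r"^(?:contact|m)\s*:\s*(.*)$", re.I | re.M)
# A sip:/sips: URI, with or without the enclosing angle brackets.
URI_RE = re.compile(r"\b(sips?):([^>\s,]+)", re.I)

def contact_uris(message):
    """Yield (scheme, transport or None, uri) for each Contact URI."""
    for header in CONTACT_RE.findall(message):
        for scheme, rest in URI_RE.findall(header):
            transport = None
            for param in rest.split(";")[1:]:
                name, _, value = param.partition("=")
                if name.lower() == "transport":
                    transport = value.lower()
            yield scheme.lower(), transport, f"{scheme}:{rest}"

def audit_contact(message):
    """Return (uri, reason) for Contacts that would take the dialog off TLS."""
    findings = []
    for scheme, transport, uri in contact_uris(message):
        if scheme == "sips" or transport == "tls":
            continue  # in-dialog requests to this target stay on TLS
        if transport:
            findings.append((uri, f"explicit transport={transport}"))
        else:
            findings.append((uri, "sip: scheme with no transport=tls"))
    return findings

# Constructed samples built around the two Contact URIs quoted in the thread.
INVITE = ("INVITE sip:14086805675@10.191.210.151:5081 SIP/2.0\r\n"
          "Contact: <sip:mod_sofia@10.191.210.150:5081>\r\n\r\n")
OK_UDP = ("SIP/2.0 200 OK\r\n"
          "Contact: <sip:14086805675@10.191.210.151:5081;transport=udp>\r\n\r\n")
OK_TLS = ("SIP/2.0 200 OK\r\n"
          "Contact: <sip:14086805675@10.191.210.151:5081;transport=tls>\r\n\r\n")

if __name__ == "__main__":
    for label, msg in (("INVITE", INVITE), ("200/udp", OK_UDP), ("200/tls", OK_TLS)):
        print(label, audit_contact(msg) or "ok")
```

Run against signaling captured on the TLS profile, any finding means the next in-dialog request to that peer may leave in cleartext.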
