<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">sips: should not make a difference, however.. take a look at bind-params and tls-bind-params<div><br></div><div><a href="https://wiki.freeswitch.org/wiki/Sofia.conf.xml">https://wiki.freeswitch.org/wiki/Sofia.conf.xml</a></div><div><br><div><div>On Mar 25, 2014, at 1:15 PM, JP &lt;<a href="mailto:jaykris@gmail.com">jaykris@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><p class="MsoNormal">Is there any way to specify the full contact header in a UA
profile that the SIP stack will use when formulating messages?
&nbsp;Specifically, have it use "sips" instead of "sip" as
the protocol scheme?&nbsp;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">I'm trying to establish an INVITE dialog between 2
FreeSWITCH servers using a client authenticated TLS handshake.</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">To accomplish this, I've created 2 UA profiles on both
servers - one to fulfill the role of the UAC (i.e. tls-uac.xml) and one to
implement the UAS (i.e. tls-uas.xml). &nbsp;Here are the relevant parameters
from both profiles:</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">tls-uac.xml:</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="sip-port" value="5081"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls" value="true"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-only" value="true"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-sip-port" value="5082"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-cert-dir" value="$${base_dir}/conf/tls/uac"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">tls-uas.xml:</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="sip-port" value="5081"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls" value="true"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-only" value="true"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-sip-port" value="5081"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;param
name="tls-cert-dir" value="$${base_dir}/conf/tls/uas"/&gt;</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">The problem already starts when "tls-uac" sends a
non-secure SIP URI in the contact header of its initial INVITE request (i.e. <a href="http://sip:mod_sofia@10.191.210.150:5081/">sip:mod_sofia@10.191.210.150:5081</a>).
&nbsp;But the more immediate issue is that "tls-uas" also responds
with a non-secure SIP URI in the contact header of its final response (i.e. <a href="sip:14086805675@10.191.210.151:5081;transport=udp">sip:14086805675@10.191.210.151:5081;transport=udp</a>).
&nbsp;This causes "tls-uac" to send its ACK to the right port number
(i.e. 5081) but on the wrong transport (i.e. UDP instead of TCP/TLS).</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">I've seen in the FS documentation that there are ways to
manipulate the contact header through the dial plan, but I'd really prefer not
to do it this way. &nbsp;Any suggestions?</p><div>&nbsp;<br class="webkit-block-placeholder"></div><p class="MsoNormal">Thanks</p><p class="MsoNormal">JP</p></div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>http://www.freeswitchsolutions.com<br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>http://www.cudatel.com<br><br>Official FreeSWITCH Sites<br>http://www.freeswitch.org<br>http://wiki.freeswitch.org<br>http://www.cluecon.com<br><br>FreeSWITCH-users mailing list<br>FreeSWITCH-users@lists.freeswitch.org<br>http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br>http://www.freeswitch.org<br></blockquote></div><br></div></body></html>