Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[Freeswitch-users] TLS newbie question


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users
View previous topic :: View next topic  
Author Message
brian at freeswitch.org
Guest





PostPosted: Sat Aug 30, 2008 5:18 am    Post subject: [Freeswitch-users] TLS newbie question Reply with quote

That device doesn't support TLS nor does it support the standard of
SRTP key exchange method we use(SDES). It uses a sick twisted method
of doing SRTP with info packets that even cisco is going to be
switching from that to SDES.

If you want something that supports TLS I highly recommend a Snom or
Polycom.

/b


On Aug 30, 2008, at 5:04 AM, xbipin wrote:

Quote:

my question is that in the freeswitch ssl folder i have 2 files

agent.pem (contains RSA PRIVATE KEY and CERTIFICATE)
cacert.pem (contains CERTIFICATE)

now for the device connecting to to freeswitch, i use the linksys
spa3102
ATA and it supports TLS and there r 2 fields in it:

Mini Certificate
SRTP Private Key

now i want to be able to use TLS as well as SRTP so what do i put in
those 2
fields, i mean from the 2 files in freeswitch folder, what portion
should i
use for the device or is it that in TLS, freeswitch gives the key to
the
device automatically?

in the device properties it shows:

Client Certificate: installed


--
View this message in context: http://www.nabble.com/TLS-newbie-question-tp19232000p19232000.html
Sent from the Freeswitch-users mailing list archive at Nabble.com.


_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

Brian West
sip:brian@freeswitch.org







_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
ranjtech at gmail.com
Guest





PostPosted: Sat Aug 30, 2008 12:59 pm    Post subject: [Freeswitch-users] TLS newbie question Reply with quote

On Sat, Aug 30, 2008 at 6:04 AM, xbipin <bipin@xbipin.com (bipin@xbipin.com)> wrote:
Quote:

in the device properties it shows:

Client Certificate: installed


This is a Client SSL cert which is required to be presented by the client during provisioning IF the Prov server requires that each client picking up configuration files from it, should present one at the time of "resync" when using "https" as its preferred auto-provisioning scheme (so that people knowing the URL for the prov. server can't just plug the URL into a browser and download the configuration files), and I am quite sure this has nothing to do with encryption of RTP or signalling packets during a phone conversation
HTH
\RR
Back to top
bipin at xbipin.com
Guest





PostPosted: Mon Sep 01, 2008 3:24 am    Post subject: [Freeswitch-users] TLS newbie question Reply with quote

so isnt there any application or plugin for windows that acts as a session
border controller for TLS used by linksys which then converts to plain SIP
or something like that, somewhat like a TLS proxy.
I was reading some posts on the net and that latest firmware for spa3102
which is 5.1.7 supports proper TLS and some users have reported it to work
with most IP-PBX etc, so is there a way i can test it or if any1 has a demo
freeswitch server running then i can try registering to it from the device
or if any1 can tell me what to look for in a trace and ill run wireshark and
try to figure it out.



RR-9 wrote:
Quote:

On Sat, Aug 30, 2008 at 6:04 AM, xbipin <bipin@xbipin.com> wrote:

Quote:

in the device properties it shows:

Client Certificate: installed


This is a Client SSL cert which is required to be presented by the client
during provisioning IF the Prov server requires that each client picking
up
configuration files from it, should present one at the time of "resync"
when
using "https" as its preferred auto-provisioning scheme (so that people
knowing the URL for the prov. server can't just plug the URL into a
browser
and download the configuration files), and I am quite sure this has
nothing
to do with encryption of RTP or signalling packets during a phone
conversation
HTH
\RR

_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



--
View this message in context: http://www.nabble.com/TLS-newbie-question-tp19232000p19250288.html
Sent from the Freeswitch-users mailing list archive at Nabble.com.


_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services