SIP Security in Yate
From Yate Documentation
Revision as of 17:10, 14 November 2012
Yate can bind on UDP, TCP and TLS. Each binding is configured as a listener, which is a dedicated section in ysipchan.conf.
Secure SIP is achieved by setting up a TLS listener. Yate will bind on TLS and will use SRTP packets for voice.
How to set a TLS listener
In ysipchan.conf:
    [general]
    type=tls
    addr=x.x.x.x
    port=5061
    sslcontext=server_context
Configure an SSL server context
In openssl.conf:
    [server_context]
    enable=yes
    certificate=name.crt
    key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.
Enable SRTP
Data security protocols such as SRTP rely upon a separate key management system to securely establish encryption and/or authentication keys. TLS will protect the SDP message.
In ysipchan.conf the secure parameter is disabled by default; to use SRTP you have to enable it.
    [default]
    ; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
    secure=enable
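A configuration check for the three settings above, added here as an example (it is not part of the Yate documentation or code): it confirms that a TLS listener exists, that its sslcontext resolves to an enabled context with a certificate and key, and that SRTP is not enabled without TLS protecting the SDP. The function names, the set of accepted boolean strings and the sample addr value are assumptions.

```python
import configparser

# Assumption: strings accepted as boolean "true" (the page itself uses yes and enable).
TRUE = {"yes", "true", "on", "enable"}

def _parse(text):
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp

def audit(ysipchan_text, openssl_text):
    """Return a list of findings; an empty list means the page's setup is in place."""
    sip, ssl = _parse(ysipchan_text), _parse(openssl_text)
    findings = []
    tls = [s for s in sip.sections() if sip.get(s, "type", fallback="").lower() == "tls"]
    if not tls:
        findings.append("no type=tls listener: SIP and its SDP bodies are sent in clear")
    for sec in tls:
        ctx = sip.get(sec, "sslcontext", fallback="")
        if not ssl.has_section(ctx):
            findings.append(f"[{sec}] sslcontext={ctx!r} has no section in openssl.conf")
            continue
        # The page's context sets enable=yes explicitly, so anything else is flagged.
        if ssl.get(ctx, "enable", fallback="").lower() not in TRUE:
            findings.append(f"[{ctx}] context is not enabled")
        for opt in ("certificate", "key"):
            if not ssl.get(ctx, opt, fallback="").strip():
                findings.append(f"[{ctx}] missing {opt}=")
    if sip.get("default", "secure", fallback="").lower() not in TRUE:
        findings.append("[default] secure is off: media is plain RTP")
    elif not tls:
        findings.append("SRTP on without TLS: RFC 4568 keys in SDP are exposed")
    return findings

# Constructed sample input modelled on the page (addr is a documentation address).
GOOD_SIP = """[general]
type=tls
addr=192.0.2.10
port=5061
sslcontext=server_context
[default]
; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
secure=enable
"""
GOOD_SSL = "[server_context]\nenable=yes\ncertificate=name.crt\nkey=name.key\n"
BAD_SIP = "[general]\ntype=udp\nport=5060\n[default]\nsecure=enable\n"

if __name__ == "__main__":
    for name, sip in (("good", GOOD_SIP), ("bad", BAD_SIP)):
        print(name, audit(sip, GOOD_SSL) or "OK")
```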