SIP Security in Yate
From Yate Documentation
(Difference between revisions)
| Line 2: | Line 2: | ||
Yate can bind on UDP, TCP and TLS. This is done using a '''listener''' that it is a specific section in [[SIP Configuration File#Configuration File|ysipchan.conf]]. | Yate can bind on UDP, TCP and TLS. This is done using a '''listener''' that it is a specific section in [[SIP Configuration File#Configuration File|ysipchan.conf]]. | ||
| − | SIP secure it is done by building a TLS listener. Yate will bind on TLS with [http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol SRTP] | + | SIP secure it is done by building a TLS listener. Yate will bind on TLS with [http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol SRTP]. |
| + | |||
| + | === How to set a TLS listener === | ||
| + | |||
| + | In ysipchan.conf: | ||
| + | |||
| + | [listener listener-tls] | ||
| + | type=tls | ||
| + | addr=x.x.x.x | ||
| + | port=5061 | ||
| + | sslcontext=server_context | ||
| + | |||
| + | In openssl.conf | ||
| + | |||
| + | [server_context] | ||
| + | enable=yes | ||
| + | certificate=name.crt | ||
| + | key=name.key | ||
| + | |||
| + | The files name.crt and name.key have to be in the same place as the configuration file in this example. | ||
Revision as of 15:08, 14 November 2012
Yate can bind on UDP, TCP and TLS. This is done using a listener that it is a specific section in ysipchan.conf.
SIP secure it is done by building a TLS listener. Yate will bind on TLS with SRTP.
How to set a TLS listener
In ysipchan.conf:
[listener listener-tls] type=tls addr=x.x.x.x port=5061 sslcontext=server_context
In openssl.conf
[server_context] enable=yes certificate=name.crt key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.
