SIP Security in Yate
From Yate Documentation
(Difference between revisions)
(→SRTP Cryptographic Contexts) |
|||
Line 2: | Line 2: | ||
Yate can bind on UDP, TCP and TLS. This is done using a '''listener''' that it is a specific section in [[SIP Configuration File#Configuration File|ysipchan.conf]]. | Yate can bind on UDP, TCP and TLS. This is done using a '''listener''' that it is a specific section in [[SIP Configuration File#Configuration File|ysipchan.conf]]. | ||
− | SIP secure it is done by building a TLS listener. Yate will bind on TLS with [http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol SRTP]. | + | SIP secure it is done by building a TLS listener. Yate will bind on [[http://en.wikipedia.org/wiki/Transport_Layer_Security TLS]] with [http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol SRTP]. |
=== How to set a TLS listener === | === How to set a TLS listener === | ||
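Review bot: On the added line, the TLS link is written with double brackets, `[[http://en.wikipedia.org/wiki/Transport_Layer_Security TLS]]`, which is internal-link syntax. With an external URL the extra pair of brackets comes out as literal text around the link. Use single brackets, as the SRTP link on the same line does.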
Line 13: | Line 13: | ||
port=5061 | port=5061 | ||
sslcontext=server_context | sslcontext=server_context | ||
− | |||
− | |||
=== Configure a SSL server context=== | === Configure a SSL server context=== |
Revision as of 15:37, 14 November 2012
Yate can bind on UDP, TCP and TLS. This is done using a listener, which is a specific section in ysipchan.conf.
Secure SIP is done by building a TLS listener. Yate will bind on TLS with SRTP.
How to set a TLS listener
In ysipchan.conf:
 [listener listener-tls]
 type=tls
 addr=x.x.x.x
 port=5061
 sslcontext=server_context
Configure an SSL server context
In openssl.conf:
 [server_context]
 enable=yes
 certificate=name.crt
 key=name.key
In this example, the files name.crt and name.key have to be in the same place as the configuration file.
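A pre-flight check for the two files above, as an added example rather than code from the Yate project: it confirms that every type=tls listener names an sslcontext that exists in openssl.conf and that the certificate and key files sit beside the configuration. The function names, the sample listener-typo section, the 192.0.2.10 address and the key-permission check are assumptions added here.

```python
import configparser
import os

def _load(path):
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read(path)
    return cp

def check_tls_listeners(conf_dir):
    """Return problems found for type=tls listeners in conf_dir/ysipchan.conf."""
    sip = _load(os.path.join(conf_dir, "ysipchan.conf"))
    contexts = _load(os.path.join(conf_dir, "openssl.conf"))
    problems = []
    for section in sip.sections():
        if not section.startswith("listener "):
            continue
        if sip.get(section, "type", fallback="") != "tls":
            continue
        ctx = sip.get(section, "sslcontext", fallback="")
        if not ctx or not contexts.has_section(ctx):
            problems.append(f"{section}: sslcontext '{ctx}' is not a section of openssl.conf")
            continue
        # Assumption: only enable=yes, the value shown above, counts as enabled.
        if contexts.get(ctx, "enable", fallback="") != "yes":
            problems.append(f"{section}: context '{ctx}' is not enabled")
        for option in ("certificate", "key"):
            fname = contexts.get(ctx, option, fallback="")
            path = os.path.join(conf_dir, fname)
            if not fname or not os.path.isfile(path):
                problems.append(f"{section}: {option} file '{fname}' not found beside the config")
            elif option == "key" and os.stat(path).st_mode & 0o077:
                # Hardening check added here, not stated on the page.
                problems.append(f"{section}: key file '{fname}' is readable by group or others")
    return problems

def write_sample(conf_dir):
    """Write constructed sample files (placeholder certificate and key contents)."""
    files = {
        "ysipchan.conf": "[listener listener-tls]\ntype=tls\naddr=192.0.2.10\nport=5061\n"
                         "sslcontext=server_context\n\n"
                         "[listener listener-typo]\ntype=tls\naddr=192.0.2.10\nport=5062\n"
                         "sslcontext=server_contxt\n",
        "openssl.conf": "[server_context]\nenable=yes\ncertificate=name.crt\nkey=name.key\n",
        "name.crt": "constructed placeholder\n",
        "name.key": "constructed placeholder\n",
    }
    for name, body in files.items():
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(conf_dir, "name.key"), 0o644)  # deliberately too open
```

Point check_tls_listeners at the real configuration directory before restarting Yate; an empty list means every TLS listener resolves to an enabled context with both files present.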
SRTP Cryptographic Contexts
Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context".
SRTP uses two types of keys:
- session keys (e.g., encryption or message authentication)
- master keys - a random bit string (given by the key management protocol)