SIP Security in Yate

From Yate Documentation
(Difference between revisions)
Jump to: navigation, search
(How to set a TLS listener)
Line 13: Line 13:
 
  port=5061
 
  port=5061
 
  sslcontext=server_context
 
  sslcontext=server_context
 +
 +
 +
 +
===SRTP Cryptographic Contexts===
 +
 +
 +
Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context".
 +
 +
SRTP uses two types of keys:
 +
* session keys(e.g., encryption or message authentication)
 +
* master keys - a random bit string (given by the key management protocol)
  
 
In openssl.conf
 
In openssl.conf
Line 20: Line 31:
 
  certificate=name.crt
 
  certificate=name.crt
 
  key=name.key
 
  key=name.key
 +
  
 
The files name.crt and name.key have to be in the same place as the configuration file in this example.
 
The files name.crt and name.key have to be in the same place as the configuration file in this example.

Revision as of 15:28, 14 November 2012

Yate can bind on UDP, TCP and TLS. This is done using a listener that it is a specific section in ysipchan.conf.

SIP secure it is done by building a TLS listener. Yate will bind on TLS with SRTP.

How to set a TLS listener

In ysipchan.conf:

[listener listener-tls]
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context


SRTP Cryptographic Contexts

Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context".

SRTP uses two types of keys:

  • session keys(e.g., encryption or message authentication)
  • master keys - a random bit string (given by the key management protocol)

In openssl.conf

[server_context]
enable=yes
certificate=name.crt
key=name.key


The files name.crt and name.key have to be in the same place as the configuration file in this example.

Personal tools
Namespaces

Variants
Actions
Preface
Configuration
Administrators
Developers