SIP Security in Yate

From Yate Documentation
Revision as of 17:10, 14 November 2012 by Dana (Talk | contribs)

Jump to: navigation, search

Yate can bind on UDP, TCP and TLS. This is done using a listener that it is a specific section in ysipchan.conf.

SIP secure it is done by building a TLS listener. Yate will bind on TLS and will use SRTP packets for voice.

How to set a TLS listener

In ysipchan.conf: 

[general]
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context

Configure a SSL server context

In openssl.conf 

[server_context]
enable=yes
certificate=name.crt
key=name.key

The files name.crt and name.key have to be in the same place as the configuration file in this example.

Enable SRTP

Data security protocols such as SRTP rely upon a separate key management system to securely establish encryption and/or authentication keys. TLS will protect the SDP message.

In ysipchan.conf by default secure parameter is disabled, for using SRTP you have to enable it. 

[default]
; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
secure=enable

See also

Retrieved from "https://docs.yate.ro/wiki/index.php?title=SIP_Security_in_Yate&oldid=1985"
Personal tools
Namespaces

Variants
Actions
Preface
Configuration
Administrators
Developers