SIP Security in Yate
From Yate Documentation
(Difference between revisions)
(→How to set a TLS listener) |
|||
| Line 13: | Line 13: | ||
port=5061 | port=5061 | ||
sslcontext=server_context | sslcontext=server_context | ||
| + | |||
| + | |||
| + | |||
| + | ===SRTP Cryptographic Contexts=== | ||
| + | |||
| + | |||
| + | Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context". | ||
| + | |||
| + | SRTP uses two types of keys: | ||
| + | * session keys(e.g., encryption or message authentication) | ||
| + | * master keys - a random bit string (given by the key management protocol) | ||
In openssl.conf | In openssl.conf | ||
| Line 20: | Line 31: | ||
certificate=name.crt | certificate=name.crt | ||
key=name.key | key=name.key | ||
| + | |||
The files name.crt and name.key have to be in the same place as the configuration file in this example. | The files name.crt and name.key have to be in the same place as the configuration file in this example. | ||
Revision as of 16:28, 14 November 2012
Yate can bind on UDP, TCP and TLS. This is done using a listener that it is a specific section in ysipchan.conf.
SIP secure it is done by building a TLS listener. Yate will bind on TLS with SRTP.
How to set a TLS listener
In ysipchan.conf:
[listener listener-tls] type=tls addr=x.x.x.x port=5061 sslcontext=server_context
SRTP Cryptographic Contexts
Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context".
SRTP uses two types of keys:
- session keys(e.g., encryption or message authentication)
- master keys - a random bit string (given by the key management protocol)
In openssl.conf
[server_context] enable=yes certificate=name.crt key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.
