SIP Security in Yate

From Yate Documentation

Revision as of 17:10, 14 November 2012

Yate can bind on UDP, TCP and TLS. Each binding is configured as a listener, which is a dedicated section in ysipchan.conf.

Secure SIP is set up by creating a TLS listener. Yate will bind on TLS and will use SRTP packets for voice.

How to set a TLS listener

In ysipchan.conf:

[general]
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context

Configure an SSL server context

In openssl.conf:

[server_context]
enable=yes
certificate=name.crt
key=name.key

The files name.crt and name.key have to be in the same place as the configuration file in this example.

Enable SRTP

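Data security protocols such as SRTP rely upon a separate key management system to securely establish encryption and/or authentication keys. With the secure parameter shown below, the keys are exchanged as RFC 4568 security descriptors inside the SDP, so the TLS listener is what protects the SDP message that carries them.

In ysipchan.conf the secure parameter is disabled by default; to use SRTP you have to enable it.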

[default]
; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
secure=enable
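
A check for the setup described on this page, as an added example (not part of the Yate documentation or of Yate itself): it reads the two files and reports a missing TLS listener, an sslcontext with no matching section in openssl.conf, or secure left off. The section and key names are the ones shown above; the set of values treated as true, and the rule that every setting must be written explicitly, are assumptions of the example.

```python
import configparser

# Values read as boolean true (assumed set; the page itself uses "yes" and "enable").
TRUE = {"yes", "true", "on", "enable", "t"}

# The page's two files, reproduced here as sample input.
YSIPCHAN = """[general]
type=tls
addr=x.x.x.x
port=5061
sslcontext=server_context
[default]
; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
secure=enable
"""
OPENSSL = "[server_context]\nenable=yes\ncertificate=name.crt\nkey=name.key\n"

def load(text):
    """Parse INI text; ';' lines are comments, key case is kept."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def audit(ysipchan_text, openssl_text):
    """Return findings; settings must be explicit, Yate's defaults are not modelled."""
    sip, ssl = load(ysipchan_text), load(openssl_text)
    findings = []
    tls = [s for s in sip.sections() if sip.get(s, "type", fallback="").lower() == "tls"]
    if not tls:
        findings.append("no type=tls listener: SDP with SRTP keys is not protected by TLS")
    for name in tls:
        ctx = sip.get(name, "sslcontext", fallback="")
        if not ssl.has_section(ctx):
            findings.append(f"[{name}] sslcontext={ctx!r} not found in openssl.conf")
            continue
        if ssl.get(ctx, "enable", fallback="").lower() not in TRUE:
            findings.append(f"[{ctx}] enable is not set to a true value")
        for opt in ("certificate", "key"):
            if not ssl.get(ctx, opt, fallback=""):
                findings.append(f"[{ctx}] {opt} is not set")
    if sip.get("default", "secure", fallback="").lower() not in TRUE:
        findings.append("[default] secure is off: SRTP is not enabled")
    return findings

if __name__ == "__main__":
    for line in audit(YSIPCHAN, OPENSSL) or ["ok: TLS listener, context and SRTP are all set"]:
        print(line)
```

An empty result means all three pieces on this page are present; the first finding is the one to watch for, since enabling secure without a TLS listener leaves the SRTP keys readable in the SDP.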
