SIP Security in Yate
How to configure SIP secure
Yate can bind on TLS. This is done using a listener that it is a specific section in ysipchan.conf.
How to set a TLS listener
[general] type=tls addr=x.x.x.x port=5061 sslcontext=server_context
Configure a SSL server context
[server_context] enable=yes certificate=name.crt key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.
Data security protocols such as SRTP rely upon a separate key management system to securely establish encryption and/or authentication keys. TLS will protect the SDP message.
In ysipchan.conf by default secure parameter is disabled, for using SRTP you have to enable it.
[default] ; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP secure=enable
- SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service.
- SRTP provide significant advantages, especially for voice traffic using low-bitrate voice codecs such as G.729 and iLBC.
- SRTP confidentiality of RTP packets protects packet payloads from being read by entities without the secret encryption key.
- SRTP message authentication of RTP packets protects the integrity of a packet against forgery, alteration, or replacement.
- TLS provide privacy and data integrity between communicating applications.