SIP Security in Yate
Yate can bind on UDP, TCP and TLS. This is done using a listener that it is a specific section in ysipchan.conf.
SIP secure it is done by building a TLS listener. Yate will bind on TLS with SRTP.
How to set a TLS listener
[listener listener-tls] type=tls addr=x.x.x.x port=5061 sslcontext=server_context
SRTP Cryptographic Contexts
Each SRTP stream requires the sender and receiver to maintain cryptographic state information. This information is called the "cryptographic context".
SRTP uses two types of keys:
- session keys(e.g., encryption or message authentication)
- master keys - a random bit string (given by the key management protocol)
[server_context] enable=yes certificate=name.crt key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.