Am 30.09.2010 17:27, schrieb Juha Heinanen:
now that 3.1 has async tls support, i decided (first time ever) to try
to test tls. things went quite smoothly when i followed Create
Certificates to be used with Kamailio document
I added note about configuring Snom phones to connect over TLS and
created a section from that part:
http://kamailio.org/dokuwiki/doku.php/tls:create-certificates#using_tls_and_the_certificates_with_sip_phones
Also, in my configs I set:
tcp_connection_lifetime=3610
Which is slightly higher
one question about the certificate tutorial: is something else needed in
the config or certificate business, when sr talks over tls with another
sip proxy, e.g. another sr? namely in that case sr may be in client
role when tls session is established.
-- juha
You are right.
Thanks for fixing my bugs :-)
Klaus
Am 30.09.2010 17:27, schrieb Juha Heinanen:
now that 3.1 has async tls support, i decided (first time ever) to try
to test tls. things went quite smoothly when i followed Create
Certificates to be used with Kamailio document
On Sep 30, 2010 at 18:27, Juha Heinanen j...@tutpro.com wrote:
now that 3.1 has async tls support, i decided (first time ever) to try
to test tls. things went quite smoothly when i followed Create
Certificates to be used with Kamailio document
Daniel-Constantin Mierla writes:
Also, in my configs I set:
tcp_connection_lifetime=3610
so do i. i added that line to the wiki doc.
-- juha
___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
On Sep 30, 2010 at 18:44, Juha Heinanen j...@tutpro.com wrote:
one question about the certificate tutorial: is something else needed in
the config or certificate business, when sr talks over tls with another
sip proxy, e.g. another sr? namely in that case sr may be in client
role when tls
Andrei Pelinescu-Onciul writes:
enable_tls=1
tcp_async=no # do not include in 3.1
listen=udp:0.0.0.0:5060
listen=tcp:0.0.0.0:5060
it should not be 0.0.0.0 but an actual IP.
If you use 0.0.0.0 you _must_ set adevertised_adress or
you will
Andrei Pelinescu-Onciul writes:
However if you want to have different certificates in function of the
role (server or client, or who are you talking with, you need to use a
separate tls config
file
(http://sip-router.org/docbook/sip-router/branch/master/modules/tls/tls.html#config)
ok
On Sep 30, 2010 at 19:56, Juha Heinanen j...@tutpro.com wrote:
Andrei Pelinescu-Onciul writes:
However if you want to have different certificates in function of the
role (server or client, or who are you talking with, you need to use a
separate tls config
file
Juha Heinanen writes:
i tried with command
ssldump -i any -k /etc/sip-proxy/certs/sip-proxy/key.pem tcp and port 5061
where /etc/sip-proxy/certs/sip-proxy/key.pem is the same file as
specified as tls module private key:
modparam(tls, private_key, /etc/sip-proxy/certs/sip-proxy/key.pem)
11 matches
Mail list logo
