Hi All, I'm on a middle of an asterisk installation/configuration for my company and I'm testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server.
On sip.conf file: tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 and on my extension number configuration: transport=tls Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I switched on sip debug mode, I have seen that on Register I have TLS and on Subscribe I have UDP. Please check the debug output bellow: 1. REGISTER: sip:voip1;transport=tls;lr SIP/2.0 Via: SIP/2.0/TLS xxx.xxx.xxx.xxx:37156;rport;branch=z9hG4bKPjoCCw0.LEC-qhSMVBqFcWE8K4.jeEqwpI;alias Authorization: Digest username="2224", realm="asterisk", nonce="22603797", uri="sip:voip1;transport=tls;lr", response="125b4df1280600f6dfaf8313ffe6d7cb", algorithm=MD5 2. SUBSCRIBE sip:2224@voip1 SIP/2.0 Authorization: Digest username="2224", realm="asterisk", nonce="0eacf511", uri="sip:[email protected]", response="8c8f98e83f215f25359d3c67fffb0eac", algorithm=MD5 In case of the Subscribe, I have the extension's password in clear text. I'm not sure if this is correct or if I have to do any other modifications on my PBX to protect the subscribe. I would appreciate if you have some thoughts that may help. Regards, Panos
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
