Re: [OpenSIPS-Users] Multiple TLS server domain setup
Thanks Razvan. On Wed, Sep 27, 2023, 9:55 AM Răzvan Crainea wrote: > Unfortunately no, it's either SNI, or a different port. There's > currently no way to filter based on source IP address. > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer / SIPhub CTO > http://www.opensips-solutions.com / https://www.siphub.com > > On 9/26/23 21:15, L S wrote: > > Hi, > > I'm trying to set up two tls domains for two sets of clients. First one > > requires TLSv1 (higher not supported), and the other one requires > > TLSv1_2 or higher. > > Right now the domain with tlsv1 is active on 5061 and has no issues. I'm > > trying to add the second domain. > > > > As far as I understand (do not have much experience with tls config), > > for incoming traffic (server domain), we can either ask them to use port > > 5062 or provide SNI so that they can also connect thru 5061. Not sure if > > they want to/can do that. Is there any other way we can distinguish > > these two clients; e.g. from the source ip? > > > > Thanks, > > Matt > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Multiple TLS server domain setup
Unfortunately no, it's either SNI, or a different port. There's currently no way to filter based on source IP address. Best regards, Răzvan Crainea OpenSIPS Core Developer / SIPhub CTO http://www.opensips-solutions.com / https://www.siphub.com On 9/26/23 21:15, L S wrote: Hi, I'm trying to set up two tls domains for two sets of clients. First one requires TLSv1 (higher not supported), and the other one requires TLSv1_2 or higher. Right now the domain with tlsv1 is active on 5061 and has no issues. I'm trying to add the second domain. As far as I understand (do not have much experience with tls config), for incoming traffic (server domain), we can either ask them to use port 5062 or provide SNI so that they can also connect thru 5061. Not sure if they want to/can do that. Is there any other way we can distinguish these two clients; e.g. from the source ip? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Multiple TLS server domain setup
Hi, I'm trying to set up two tls domains for two sets of clients. First one requires TLSv1 (higher not supported), and the other one requires TLSv1_2 or higher. Right now the domain with tlsv1 is active on 5061 and has no issues. I'm trying to add the second domain. As far as I understand (do not have much experience with tls config), for incoming traffic (server domain), we can either ask them to use port 5062 or provide SNI so that they can also connect thru 5061. Not sure if they want to/can do that. Is there any other way we can distinguish these two clients; e.g. from the source ip? Thanks, Matt ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users