Mr. Jennings:
Thanks.
As you mentioned, the TLS channels should be kept up for a long time and can be used for
many transactions. Do you mean that the TLS channel should always be there once it has been
successfully established between the client and the proxy server?
For example, the client successfully establishes the TLS channel with the proxy server and
does the following operations:
1. Sends Register to the Proxy server
2. Sends Invite to another user, but cancels it before the party answers it
3. Sends Invite to another user, and terminates the call by sending Bye
4. Sends Invite to the same user again later
Will all these SIP messages be sent on the same TLS channel without breaking it down and
creating it again alternatively?
If the client is equipped with two voice ports, should we establish an independent TLS channel
for each voice port? Or can all of the transactions held between the client and the Proxy
server use the same TLS channel no matter which port generates them?
Thanks.
> Mr. Jennings:
>
> Thanks for your kind answer.
>
> The following are some questions about the SIP TLS implementation.
>
> 1. Can the established TLS channel be held for the subsequent SIP messages?
> For example,
yes
> the client established the TLS channel with the proxy server before
> sending the Register message. Will the client send a close_notify alert
> right after receiving the 200 OK from the server? Or can the client
> continue using this TLS channel for the upcoming incoming or outgoing call?
>
> I had seen one implementation for the client to send close_notify alert
> right after the 401 response. The client then established a new TLS
> channel to complete the SIP challenge response process. Is it correct?
>
The TLS channels should be kept up for a long time and can be used for many transactions. It should not be set up again for each transaction.
> 2. Should the client get the server's certificate in advance to build the
> trusted CA list in order to verify the server's certificate? How can we
> build the trusted CA list on the client side?
No, it can get the cert when it does the TLS handshake, but it does need to have a list of trusted roots - I suggest the UA should have a configurable list of certificates for trusted roots.
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
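
An added illustration, not part of the thread or of any participant's code: a Python sketch of a client that verifies the proxy against a configurable list of trusted roots during the handshake and keeps one TLS connection up across the REGISTER, INVITE, CANCEL and BYE sequence asked about above. The host name, port, class and function names and the abbreviated request lines are assumptions, and the stand-in socket is constructed so the demo runs offline.

```python
import socket
import ssl

def build_context(trusted_root_files):
    """TLS client context that trusts only the configured root certificates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    for path in trusted_root_files:                # configurable list of PEM files
        ctx.load_verify_locations(cafile=path)
    return ctx

class SipTlsChannel:
    """One long-lived TLS connection to a proxy, shared by many transactions."""
    def __init__(self, host, port, ctx, connect=None):
        self.host, self.port, self.ctx = host, port, ctx
        self._connect = connect or self._tls_connect  # injectable for offline runs
        self._sock = None
        self.handshakes = 0

    def _tls_connect(self):
        raw = socket.create_connection((self.host, self.port), timeout=10)
        # The server certificate arrives in the handshake and is verified here.
        return self.ctx.wrap_socket(raw, server_hostname=self.host)

    def _open(self):
        self._sock = self._connect()
        self.handshakes += 1

    def send(self, message):
        if self._sock is None:
            self._open()
        try:
            self._sock.sendall(message)
        except OSError:  # connection was lost: set it up again once and resend
            self._open()
            self._sock.sendall(message)

class FakeSocket:
    """Constructed stand-in for a TLS socket so the demo runs offline."""
    def __init__(self):
        self.sent = []
    def sendall(self, data):
        self.sent.append(data)

def demo():
    # Constructed, abbreviated request lines for the sequence asked about above.
    requests = [b"REGISTER", b"INVITE", b"CANCEL", b"INVITE", b"BYE", b"INVITE"]
    chan = SipTlsChannel("proxy.example.com", 5061, build_context([]), connect=FakeSocket)
    for line in requests:
        chan.send(line + b" sip:example.com SIP/2.0\r\n\r\n")
    return chan.handshakes, len(chan._sock.sent)
```

With the default connector, passing the paths of the trusted root PEM files to `build_context` makes the handshake fail for any proxy certificate that does not chain to one of them.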
