I have seen UA that set up a new TLS connection for every transaction - this is really bad - totally broken - and will never work in a production environment.

I have seen UA that set up a TLS connection per call - this is bad, unlikely to work well and means that incoming calls can't use TLS because there is no session to the proxy when there is no call active (assuming UA does not have a cert).

I think the best is the UA tries to keep it open forever, and if the proxy wants to close it due to running out of resources, it can.

On 12/15/04 4:40 PM, "Todd Huang" <[EMAIL PROTECTED]> wrote:

> Mr. Jennings:
>
> Thanks.
>
> On what condition will the client break down the TLS channel?
>
> I saw one implementation that will disconnect the TCP connection of the
> active call session and establish a new TCP connection when sending BYE
> to terminate the call. It will then break down the TLS channel. Is it
> necessary?
>
> If any request message sent from the client gets the error response
> (500, 603,....), should the client need to break down the TLS channel
> and establish a new one?
>
> Is it possible for the proxy server to send close_notify alert to turn
> off the TLS channel?
>
> Thanks.
>
>> From: Cullen Jennings <[EMAIL PROTECTED]>
>> To: Todd Huang <[EMAIL PROTECTED]>
>> CC: <[EMAIL PROTECTED]>
>> Subject: Re: [Sip-implementors] SIP TLS
>> Date: Tue, 14 Dec 2004 19:54:21 -0700
>>
>> yes, If a TLS connection is made to foo.com, then it can be left up
>> for a long time and any message destined for foo.com can be sent over
>> it.
>>
>> inline ...
>>
>> On 12/13/04 4:59 AM, "Todd Huang" <[EMAIL PROTECTED]> wrote:
>>
>>> Mr. Jennings:
>>>
>>> Thanks.
>>>
>>> As you mentioned, the TLS channels should be kept up for a long time
>>> and can be used for many transactions. Do you mean that the TLS
>>> channel should be always there once it had been successfully
>>> established between the client and the proxy server?
>>>
>>> For example, the client successfully establishes the TLS channel
>>> with the proxy server and does the following operations:
>>>
>>> 1. Sends Register to the Proxy server
>>> 2. Sends Invite to another user, but cancels it before the party
>>>    answers it
>>> 3. Sends Invite to another user, and terminates the call by sending
>>>    Bye
>>> 4. Sends Invite to the same user again later
>>>
>>> Will all these SIP messages be sent on the same TLS channel without
>>> breaking it down and
>>
>> yes - assuming all these messages were sent to the same outbound proxy
>>
>>> If the client is equipped with two voice ports, should we establish
>>> independent TLS channel for each voice port respectively? Or all of
>>> the transactions held between the client and the Proxy server can use
>>> the same TLS channel no matter which port generating it?
>>
>> They can be done on one port (assuming they both connect to the same
>> proxy)

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
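
The connection handling recommended in this thread, as an added example that is not part of the original messages: a UA-side cache that keeps one connection per outbound proxy, shares it across transactions and voice ports, and reopens it only after the proxy has closed it. `ProxyConnections`, `FakeTlsConn` and `proxy.example.com` are hypothetical names; `FakeTlsConn` is a constructed stand-in for a TLS-wrapped socket so the code runs offline.

```python
class FakeTlsConn:
    """Constructed stand-in for a TLS connection to a proxy."""
    def __init__(self, host, port):
        self.peer = (host, port)
        self.closed = False
        self.sent = []

    def send(self, message):
        if self.closed:
            raise ConnectionError("connection closed by peer")
        self.sent.append(message)

    def peer_close(self):
        # Models the proxy closing the connection to reclaim resources.
        self.closed = True


class ProxyConnections:
    """Hypothetical UA-side cache: at most one open connection per proxy."""
    def __init__(self, connect=FakeTlsConn):
        self._connect = connect   # callable(host, port) -> connection
        self._conns = {}
        self.handshakes = 0       # number of new connections set up

    def get(self, proxy):
        conn = self._conns.get(proxy)
        if conn is None or conn.closed:
            conn = self._connect(*proxy)   # a new TCP + TLS setup happens here
            self._conns[proxy] = conn
            self.handshakes += 1
        return conn

    def send(self, proxy, message):
        self.get(proxy).send(message)


def run_scenario():
    proxy = ("proxy.example.com", 5061)    # constructed name, SIP-over-TLS port
    ua = ProxyConnections()
    # The sequence from the thread, sent from two voice ports of the same UA.
    for port, method in [(1, "REGISTER"), (1, "INVITE"), (1, "CANCEL"),
                         (2, "INVITE"), (2, "BYE"), (1, "INVITE")]:
        ua.send(proxy, f"{method} from voice port {port}")
    after_calls = ua.handshakes
    ua.get(proxy).peer_close()             # proxy drops the connection
    ua.send(proxy, "REGISTER from voice port 1")   # UA reopens and carries on
    return after_calls, ua.handshakes
```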
