Neither "transport=tls" nor "sips:" is mandatory when using SIP over a TLS
connection.
As per RFC 5630 subclause 3.1.3:
Because a SIPS URI implies that requests sent to the resource
identified by it be sent over each SIP hop over TLS, SIPS URIs are
not suitable for "best-effort TLS": they are only suitable for
"TLS-only" requests. This is recognized in Section 26.2.2 of [RFC3261].
Users that distribute a SIPS URI as an address-of-record may elect
to operate devices that refuse requests over insecure transports.
If one wants to use "best-effort TLS" for SIP, one just needs to use
a SIP URI, and send the request over TLS.
Using SIP over TLS is very simple. A UA opens a TLS connection and
uses SIP URIs instead of SIPS URIs for all the header fields in a SIP
message (From, To, Request-URI, Contact header field, Route, etc.).
When TLS is used, the Via header field indicates TLS.
As per RFC 5630 subclause 3.1.4:
[RFC3261], Section 26.2.2 deprecated the "transport=tls" URI
transport parameter in SIPS or SIP URIs:
Note that in the SIPS URI scheme, transport is independent of TLS,
and thus "sips:[email protected];transport=TCP" and
"sips:[email protected];transport=sctp" are both valid (although
note that UDP is not a valid transport for SIPS). The use of
"transport=tls" has consequently been deprecated, partly because
it was specific to a single hop of the request. This is a change
since RFC 2543.
The "tls" parameter has not been eliminated from the ABNF in
[RFC3261], Section 25, since the parameter needs to remain in the
ABNF for backward compatibility in order for parsers to be able to
process the parameter correctly. The transport=tls parameter has
never been defined in an RFC, but only in some of the Internet drafts
between [RFC2543] and [RFC3261].
This specification does not make use of the transport=tls parameter.
The reinstatement of the transport=tls parameter, or an alternative
mechanism for indicating the use of the TLS on a single hop in a URI,
is outside the scope of this specification.
For Via header fields, the following transport protocols are defined
in [RFC3261]: "UDP", "TCP", "TLS", "SCTP", and in [RFC4168]:
"TLS-SCTP".
--- On Thu 18.3.10, Attila Sipos <[email protected]> wrote:
From: Attila Sipos <[email protected]>
Subject: [Sip-implementors] does sips imply TLS (and TLS alone)?
To: [email protected]
Date: Thursday 18 March 2010, 10:44
If a SIP Contact header has a sips URI, does that mean that one must
send requests using TLS?
Or is there some other secure protocol that one could use?
(my problem: our equipment sends a sips contact and some other vendor
said they'd like to see ";transport=tls" in the Contact
but my belief is that ";transport=tls" isn't required)
regards
Attila
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
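
The rules quoted in the reply above, as an added example that is not part of the thread or of the RFCs: a small Python routine that picks the Via transport for a request sent to a SIP or SIPS URI. The function names, the prefer_tls policy flag, the UDP fallback for a sip: URI with no transport parameter, the handling of a legacy transport=tls as a request for TLS, and the example.com addresses are assumptions of this example.

```python
"""Added example: next-hop transport decision for a SIP/SIPS URI (constructed inputs)."""

def split_uri(uri):
    """Return (scheme, params) with uri-parameter names and values lower-cased."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError(f"not a SIP or SIPS URI: {uri!r}")
    hostpart = rest.rsplit("@", 1)[-1]      # userinfo may itself contain ';' or '?'
    hostpart = hostpart.split("?", 1)[0]    # drop URI headers
    params = {}
    for item in hostpart.split(";")[1:]:    # element 0 is host[:port]
        name, _, value = item.partition("=")
        params[name.lower()] = value.lower()
    return scheme, params

def next_hop(uri, prefer_tls=True):
    """Return (via_transport, tls_mandatory, warnings) for a request sent to uri.

    prefer_tls is this example's local-policy flag for "best-effort TLS"
    on sip: URIs; it has no effect on sips: URIs, which are TLS-only.
    """
    scheme, params = split_uri(uri)
    transport = params.get("transport")
    warnings = []
    legacy_tls = transport == "tls"
    if legacy_tls:
        # Deprecated parameter: the parser accepts it, nothing requires it.
        warnings.append("deprecated transport=tls")
        transport = None
    if scheme == "sips":
        # transport is independent of TLS here, but UDP is not allowed.
        if transport == "udp":
            raise ValueError("UDP is not a valid transport for SIPS")
        return ("TLS-SCTP" if transport == "sctp" else "TLS"), True, warnings
    # sip: URI. TLS is optional and chosen by the sender (best-effort).
    # Assumption: a legacy transport=tls is honoured as a request for TLS.
    if (prefer_tls or legacy_tls) and transport != "udp":
        return ("TLS-SCTP" if transport == "sctp" else "TLS"), False, warnings
    # Assumption: fall back to UDP when no transport parameter is given.
    return (transport or "udp").upper(), False, warnings
```
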