2011/7/6 Klaus Darilion <[email protected]>:
> Inaki, how can we deal with this scenario:
>
> Client uses TLS to the proxy. Between proxy and gateway UDP is used.
>
> In a deprecated way I would use:
> INVITE sip:12345@domain
> Route: sip:domain;transport=tls
> Contact: sip:1.2.3.4:5678;transport=tls
>
>
> In the standardized way I think I have to use:
> INVITE sip:12345@domain
> Route: sips:domain;transport=tcp
> Contact: sips:1.2.3.4:5678;transport=tcp

The Route can be removed, the only important header would be:

Via: SIP/2.0/TLS...

>
> Thus, reINVITE would have RURI with "sips". Wouldn't this imply that all
> the way TLS must be used and reINVITE fail as the gateway only supports UDP?

No, because the re-INVITE will contain some Route headers, the first
one with sips schema (leg client<->proxy), which is removed by the
proxy (it's itself). The second one with sip schema (leg proxy<->gw),
which would also be removed (double Record-Route mechanism as there is
transport change).

More explained:


Initial INVITE Client -> Proxy (TLS)
-----------------------------------------

INVITE sip:12345@domain
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...


Initial INVITE Proxy -> GW (UDP)
-----------------------------------------

INVITE sip:12345@GW
Contact: sips:1.2.3.4:5678;transport=tcp
Via: SIP/2.0/TLS...
Record-Route: sip:PROXY;transport=udp
Record-Route: sips:PROXY;transport=tcp


200 from GW -> Proxy (UDP)
----------------------------------------

SIP/2.0 200 OK
Contact: sip:12345@GW;transport=udp


BYE from GW -> Proxy (UDP)
------------------------------------------

BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/UDP...
Route: sip:PROXY;transport=udp
Route: sips:PROXY;transport=tcp

The proxy removes both Route headers, so just the RURI remains. It
contains sips with ;transport=tcp, so uses TLS over TCP.


BYE from Proxy -> Client (TLS)
-----------------------------------------

BYE sips:1.2.3.4:5678;transport=tcp SIP/2.0
Via: SIP/2.0/TLS...


or


BYE from Client -> Proxy (TLS)
----------------------------------------

BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/TLS...
Route: sips:PROXY;transport=tcp
Route: sip:PROXY;transport=udp

Proxy removes both Route headers so inspects RURI which uses "udp":


BYE from Proxy -> GW (UDP)
----------------------------------------

BYE sip:12345@GW;transport=udp SIP/2.0
Via: SIP/2.0/UDP...


So, there is no need at all for ;transport=tls, which in fact, does NOT exist.

Cheers.

-- 
Iñaki Baz Castillo
<[email protected]>
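
Added example, not part of the original message and not sr-dev or Kamailio code: a small Python model of the hop selection described in the reply above, run on the two BYE requests from the trace. The name `PROXY` as the proxy's own host, the function names, the simplified URI parsing, and UDP as the default for a `sip:` URI without a transport parameter are assumptions of this sketch.

```python
import re

PROXY = "PROXY"  # assumption: the host name the proxy recognises as itself

def parse_uri(uri):
    """Split a SIP/SIPS URI into (scheme, host, params); simplified parser."""
    m = re.fullmatch(r"(sips?):(?:[^@;]+@)?([^;:]+)(?::\d+)?((?:;[^;]+)*)",
                     uri.strip())
    if not m:
        raise ValueError(f"not a SIP URI: {uri!r}")
    scheme, host, raw = m.groups()
    params = dict(p.split("=", 1) if "=" in p else (p, "")
                  for p in raw.split(";") if p)
    return scheme.lower(), host, {k.lower(): v.lower() for k, v in params.items()}

def next_hop(ruri, routes):
    """Return (target URI, transport) for an in-dialog request.

    Leading Route entries that point at this proxy are dropped (both of them
    when double Record-Route was used). The target is then the first
    remaining Route, or the Request-URI when none is left.
    """
    remaining = list(routes)
    while remaining and parse_uri(remaining[0])[1] == PROXY:
        remaining.pop(0)
    target = remaining[0] if remaining else ruri
    scheme, _host, params = parse_uri(target)
    if scheme == "sips":
        transport = "TLS"  # sips selects TLS; ;transport=tcp names what TLS runs over
    else:
        transport = params.get("transport", "udp").upper()
    return target, transport

# Constructed from the trace in the message above.
BYE_FROM_GW = ("sips:1.2.3.4:5678;transport=tcp",
               ["sip:PROXY;transport=udp", "sips:PROXY;transport=tcp"])
BYE_FROM_CLIENT = ("sip:12345@GW;transport=udp",
                   ["sips:PROXY;transport=tcp", "sip:PROXY;transport=udp"])

if __name__ == "__main__":
    for name, (ruri, routes) in (("BYE from GW", BYE_FROM_GW),
                                 ("BYE from Client", BYE_FROM_CLIENT)):
        target, transport = next_hop(ruri, routes)
        print(f"{name}: forward to {target} over {transport}")
```

The `sips` scheme only decides the transport of the hop whose target URI carries it, so the proxy-to-gateway leg in this scenario still travels over UDP without TLS.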
