Hi,
Currently, I'm using TLS and it works fine. But eventually, TLS is just used to agree upon a secret key. And both client and Kamailio use that secret key to encrypt message.
In my solution, I have a fixed secret key. And client encrypt SIP message with that secret key. What code should I insert in Kamalio to decrypt it?
@Daniel
TLS is OK, but many TCP connections will makes client suffering from 503 Service Unavailable error. Please consider this as a feature request :)
On Tue, Apr 2, 2013 at 11:18 AM, Khoa Pham onmyway133@gmail.com wrote:
Hi,
Currently, I'm using TLS and it works fine. But eventually, TLS is just used to agree upon a secret key. And both client and Kamailio use that secret key to encrypt message.
In my solution, I have a fixed secret key. And client encrypt SIP message with that secret key. What code should I insert in Kamalio to decrypt it?
-- Khoa Pham HCMC University of Science Faculty of Information Technology
TLS has two phases - key exchange and encryption. Seems like you only want stream encryption, which means you will have to go deep down in the TLS module and the OpenSSL library.
Why on earth do you want to use a static key? That seems to contradict the need for protection.
/O
3 maj 2013 kl. 14:14 skrev Khoa Pham onmyway133@gmail.com:
@Daniel
TLS is OK, but many TCP connections will makes client suffering from 503 Service Unavailable error. Please consider this as a feature request :)
On Tue, Apr 2, 2013 at 11:18 AM, Khoa Pham onmyway133@gmail.com wrote: Hi,
Currently, I'm using TLS and it works fine. But eventually, TLS is just used to agree upon a secret key. And both client and Kamailio use that secret key to encrypt message.
In my solution, I have a fixed secret key. And client encrypt SIP message with that secret key. What code should I insert in Kamalio to decrypt it?
-- Khoa Pham HCMC University of Science Faculty of Information Technology
-- Khoa Pham HCMC University of Science Faculty of Information Technology _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
@Olle. thanks for your reply
1. I only want stream encryption to avoid SIP ALG (which can modify SIP message wrongly) 2. What is the max concurrent TCP connections can Kamailio handle ? I heard there is a tcp_max_connections, is that the answer ?
On Fri, May 3, 2013 at 7:20 PM, Olle E. Johansson oej@edvina.net wrote:
TLS has two phases - key exchange and encryption. Seems like you only want stream encryption, which means you will have to go deep down in the TLS module and the OpenSSL library.
Why on earth do you want to use a static key? That seems to contradict the need for protection.
/O
3 maj 2013 kl. 14:14 skrev Khoa Pham onmyway133@gmail.com:
@Daniel
TLS is OK, but many TCP connections will makes client suffering from 503 Service Unavailable error. Please consider this as a feature request :)
On Tue, Apr 2, 2013 at 11:18 AM, Khoa Pham onmyway133@gmail.com wrote:
Hi,
Currently, I'm using TLS and it works fine. But eventually, TLS is just used to agree upon a secret key. And both client and Kamailio use that secret key to encrypt message.
In my solution, I have a fixed secret key. And client encrypt SIP message with that secret key. What code should I insert in Kamalio to decrypt it?
-- Khoa Pham HCMC University of Science Faculty of Information Technology
-- Khoa Pham HCMC University of Science Faculty of Information Technology _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
@Olle
To be more specific, I only want UDP with SIP encryption
On Fri, May 3, 2013 at 7:56 PM, Khoa Pham onmyway133@gmail.com wrote:
@Olle. thanks for your reply
- I only want stream encryption to avoid SIP ALG (which can modify SIP
message wrongly) 2. What is the max concurrent TCP connections can Kamailio handle ? I heard there is a tcp_max_connections, is that the answer ?
On Fri, May 3, 2013 at 7:20 PM, Olle E. Johansson oej@edvina.net wrote:
TLS has two phases - key exchange and encryption. Seems like you only want stream encryption, which means you will have to go deep down in the TLS module and the OpenSSL library.
Why on earth do you want to use a static key? That seems to contradict the need for protection.
/O
3 maj 2013 kl. 14:14 skrev Khoa Pham onmyway133@gmail.com:
@Daniel
TLS is OK, but many TCP connections will makes client suffering from 503 Service Unavailable error. Please consider this as a feature request :)
On Tue, Apr 2, 2013 at 11:18 AM, Khoa Pham onmyway133@gmail.com wrote:
Hi,
Currently, I'm using TLS and it works fine. But eventually, TLS is just used to agree upon a secret key. And both client and Kamailio use that secret key to encrypt message.
In my solution, I have a fixed secret key. And client encrypt SIP message with that secret key. What code should I insert in Kamalio to decrypt it?
-- Khoa Pham HCMC University of Science Faculty of Information Technology
-- Khoa Pham HCMC University of Science Faculty of Information Technology _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Khoa Pham HCMC University of Science Faculty of Information Technology
-
Khoa Pham -
Olle E. Johansson