2011/9/15 Iñaki Baz Castillo <ibc at aliax.net>:
> Basically the only thing I ask is that PJSIP should use TLS in case the
> destination URI (the top most Route or the RURI if there is no Route)
> has "sips" schema (and optionally ;transport=tcp param which is not
> required as sips: means TCP by default).
>
> Note that "sips:alice@example.com" (which is equivalent to
> "sips:alice@example.com;transport=tcp") means:
>
> "Use TCP transport but securely", which implies TLS over TCP.
>
> The usage of ;transport=tls is widely used but it's incorrect as per
> RFC 3261 and other RFC's. No one RFC about SIP suggests the usage of
> ;transport=tls.
>
> Also, when the UAC (PJSIP) uses TLS as first hop but the destination
> (i.e. the RURI) has "sip" schema, it must construct the request as
> follows:
>
>   INVITE sip:alice@domain.com SIP/2.0
>   Via: SIP/2.0/TLS 1.2.3.4;branch=qweqwe
>   From: sip:bob@xxxxxxxxxx;tag=qweqwe
>   To: sip:alice@domain.com
>   Contact: sips:alice@1.2.3.4;transport=tcp
>
> The SIPS URI in the Contact is important because this will tell the
> proxy (if it does loose-routing) to send incoming in-dialog requests
> (as BYE) using TLS-over-TCP to arrive to 1.2.3.4 (as PJSIP is
> listening on TLS:1.2.3.4:5061).
>
> There is no problem with SIPS schema in the Contact URI, as when the
> request passes through a proxy (or more) it would add Record-Route
> headers and the remote peer should contact the top most Record-Route
> when it sends an in-dialog request, so it will not care about the SIPS
> schema in the Contact.
>
> All of this is fully tested.

I've sent a mail to IETF-SIP WG reporting a bug in RFC 5630, which is
related to this topic:

http://www.ietf.org/mail-archive/web/sip/current/msg27887.html

--
Iñaki Baz Castillo
<ibc at aliax.net>
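
The first-hop transport rule described in the message above, sketched as an added Python example (not part of the original post and not PJSIP code). The function names are hypothetical; it assumes no DNS NAPTR/SRV lookup, UDP as the default for a plain `sip:` URI, and that `;transport=tls` is tolerated as TLS but reported.

```python
def parse_uri(value):
    """Return (scheme, uri_params) for a SIP/SIPS URI, with or without <>."""
    value = value.strip()
    if "<" in value:  # name-addr form, as used in Route headers
        value = value[value.index("<") + 1:value.index(">")]
    scheme, sep, rest = value.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("sip", "sips"):
        raise ValueError("not a SIP/SIPS URI: %r" % value)
    # URI parameters follow the host part; drop userinfo and ?headers first.
    hostpart = rest.rsplit("@", 1)[-1].split("?", 1)[0]
    params = {}
    for item in hostpart.split(";")[1:]:
        key, _, val = item.partition("=")
        params[key.strip().lower()] = val.strip().lower()
    return scheme, params


def select_transport(ruri, routes=()):
    """Pick the first-hop transport from the top-most Route, else the RURI.

    Returns (transport, warnings).
    """
    scheme, params = parse_uri(routes[0] if routes else ruri)
    requested = params.get("transport")
    if scheme == "sips":
        # sips: means TLS over TCP; ;transport=tcp is optional.
        return "TLS", []
    if requested == "tls":
        # Assumption: accept for interoperability, but flag it.
        return "TLS", ["transport=tls is non-standard; use a sips: URI"]
    return (requested or "udp").upper(), []


def contact_uri(user, host, first_hop_transport):
    """Build the Contact URI; advertise sips when the first hop is TLS."""
    if first_hop_transport == "TLS":
        return "sips:%s@%s;transport=tcp" % (user, host)
    return "sip:%s@%s" % (user, host)


if __name__ == "__main__":
    # Constructed sample input: sip RURI routed through a sips proxy.
    transport, notes = select_transport("sip:alice@domain.com",
                                        ["<sips:proxy.example.net;lr>"])
    print(transport, contact_uri("alice", "1.2.3.4", transport), notes)
```
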