PJSIP TLS Transport

Does the tls transport imply tcp?

I am trying to securely connect to a service provider, who says

reg.sip-trunk.telekom.de. 84600 IN NAPTR 10 0 "s" "SIPS+D2T" "" _sips._tcp.reg.sip-trunk.telekom.de.

and offers a certificate for that purpose, but I am currently unable to get any response.

My transport section looks like this:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=${keypath}/globalroot_class_2.crt
method=tlsv1
allow_reload=yes

and I have replaced sip with sips in every SIP URI in the other places.

Currently, I would be happy to get a response from the upstream server, which is not the case with my configuration.

Transport Layer Security only uses TCP.

Thanks, I wasn’t sure after there was no answer at all.

In my case the initial problem was the statement “method=tlsv1”, which should have been “method=ssl23”. Somebody else with a deeper knowledge of OpenSSL helped me by pointing out that tlsv1 unnecessarily restricts what OpenSSL can negotiate. If the other side doesn’t want tlsv1, you are out of luck.

Now that REGISTER, OPTIONS, etc. work, I don’t get any media stream to work, but that’s something for tomorrow.

Yes, the default of PJSIP is TLS 1.0-only and therefore a disaster. With that parameter value above, you change to auto-negotiation. However, if you upgrade your OpenSSL to 1.1 or newer, PJSIP auto-negotiates even on default. If you want to take greater control over this, there is a dedicated thread…
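The misconfiguration discussed in this thread can be caught before deployment. The following is an added example, not code from the thread or from the PJSIP project: a small Python check that reads transport sections in the format posted above and reports TLS transports whose `method` pins a single legacy protocol version or is left unset. The function name, the sample text and the extra check on Asterisk's `verify_server` transport option are assumptions that go beyond what the posters discussed.

```python
import configparser

# Values that pin the transport to one legacy protocol version, so the
# handshake fails outright when the peer does not offer that version.
PINNED_LEGACY = {"tlsv1", "sslv2", "sslv3"}

# Constructed sample: the transport section as posted in the thread,
# plus a hypothetical UDP transport that the audit must skip.
SAMPLE = """\
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=${keypath}/globalroot_class_2.crt
method=tlsv1
allow_reload=yes

[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
"""

def audit_tls_transports(text):
    """Return {section: [findings]} for every protocol=tls transport."""
    # interpolation=None keeps ${keypath} literal; strict=False tolerates
    # repeated section names; ';' starts a comment in this config format.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if sec.get("type") != "transport" or sec.get("protocol", "").lower() != "tls":
            continue
        findings = []
        method = sec.get("method", "").strip().lower()
        if method in PINNED_LEGACY:
            findings.append(f"method={method} pins one legacy protocol version")
        elif not method:
            findings.append("method unset: negotiated version depends on the PJSIP/OpenSSL build")
        # Assumption beyond the thread: server certificate checking is opt-in.
        if sec.get("verify_server", "no").strip().lower() not in ("yes", "true", "1", "on"):
            findings.append("verify_server not enabled: server certificate is not checked")
        report[name] = findings
    return report
```

Running `audit_tls_transports(SAMPLE)` reports two findings for `transport-tls` and ignores the UDP transport.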
