[VOIPSEC] TLS and Firewalls
Volker Tanger
vtlists at wyae.de
Tue Feb 8 18:17:29 GMT 2005
Greetings!
On Tue, 08 Feb 2005 18:25:04 +0100
"Thorsten Brinkmann" <mail at Thorsten-Brinkmann.de> wrote:
> securing VoIP (e.g. SIP) with TLS is a nice idea. But how can
> firewalls handle this? Look at the workarounds are needed to use HTTPS
> thru firewalls.
Not at all - the RTP part is the complicated one, opening two completely
independen UDP streams in both directions, usually without any
connection to the SIP session.
The SIP session usually is done between client and gateway/server or the
two gates/servers. After signaling RTP gues between the clients doing
the audio transfer.
And for handling that the firewall *MUST* be able to look into the SIP
or H.323 protocol. Which then is not to be encrypted. So no TLS if you
want the audio stream too and not just the"ringing/busy/okay"-messaging,
sorry.
Bye
Volker
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists at wyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
More information about the Voipsec
mailing list