[VOIPSEC] TLS and Firewalls
Tim Moses
tim.moses at entrust.com
Tue Feb 8 13:46:38 CST 2005
Is it not also true that you can't secure UDP with TLS? All the best. Tim.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Volker Tanger
Sent: Tuesday, February 08, 2005 1:17 PM
To: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] TLS and Firewalls
Greetings!
On Tue, 08 Feb 2005 18:25:04 +0100
"Thorsten Brinkmann" <mail at Thorsten-Brinkmann.de> wrote:
> securing VoIP (e.g. SIP) with TLS is a nice idea. But how can
> firewalls handle this? Look at the workarounds are needed to use HTTPS
> thru firewalls.
Not at all - the RTP part is the complicated one, opening two completely
independen UDP streams in both directions, usually without any connection to
the SIP session.
The SIP session usually is done between client and gateway/server or the two
gates/servers. After signaling RTP gues between the clients doing the audio
transfer.
And for handling that the firewall *MUST* be able to look into the SIP or
H.323 protocol. Which then is not to be encrypted. So no TLS if you want the
audio stream too and not just the"ringing/busy/okay"-messaging, sorry.
Bye
Volker
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists at wyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list