SIP TLS Question For Asterisk 11

Home » Asterisk Users » SIP TLS Question For Asterisk 11
Asterisk Users No Comments

Hi All,

I’m on a middle of an asterisk installation/configuration for my company and I’m testing the TLS configuration. For this reason, I used the ast_tls_cert script to build the ssl certificates for my server.

On sip.conf file:
tlsenable=yes tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL
tlsclientmethod=tlsv1

and on my extension number configuration:
transport=tls

Finally, my phone was registered successfully on my asterisk server. But, during my tests and while I switched on sip debug mode, I have seen that on Register I have TLS and on Subscribe I have UDP. Please check the debug output bellow:

1. REGISTER: sip:voip1;transport=tls;lr SIP/2.0
Via: SIP/2.0/TLS
xxx.xxx.xxx.xxx:37156;rport;branch=z9hG4bKPjoCCw0.LEC-qhSMVBqFcWE8K4.jeEqwpI;alias Authorization: Digest username=”2224″, realm=”asterisk”, nonce=”22603797″, uri=”sip:voip1;transport=tls;lr”, response=”125b4df1280600f6dfaf8313ffe6d7cb”, algorithm=MD5

2. SUBSCRIBE sip:2224@voip1 SIP/2.0
Authorization: Digest username=”2224″, realm=”asterisk”, nonce=”0eacf511″, uri=”sip:2224@xxx.xxx.xxx.xxx”, response=”8c8f98e83f215f25359d3c67fffb0eac”, algorithm=MD5

In case of the Subscribe, I have the extension’s password in clear text. I’m not sure if this is correct or if I have to do any other modifications on my PBX to protect the subscribe.

I would appreciate if you have some thoughts that may help.

Regards, Panos