...

Configuration  

Edit your ser.cfg

Enable TLS

Enable TLS and define the address and port where TLS will be listening

# ----------- global configuration parameters ------------------------
enable_tls=yes
listen=tls:1.2.3.4:5061

Load the module

# ------------------ module loading ----------------------------------
loadmodule "/usr/local/lib/ser/modules/tls.so"

Set the parameters

# ----------------- setting module-specific parameters ---------------
modparam("tls", "private_key", "/etc/certs/key.pem")
modparam("tls", "certificate", "/etc/certs/cert.pem")
modparam("tls", "ca_list", "/etc/certs/ca_list.pem")

modparam("tls", "require_certificate", 0)
modparam("tls", "verify_certificate", 1)

modparam("tls", "tls_method", "TLSv1")
#modparam("tls", "tls_method", "SSLv23")

modparam("tls", "tls_log", 2)
modparam("tls", "handshake_timeout", 10)
modparam("tls", "send_timeout", 10)

Verification

modparam("tls", "require_certificate", 0)
modparam("tls", "verify_certificate", 1)

...

Require=0 and Verify=0 is the weaker setting: it provides just an encrypted tunnel (if the cipher is not NULL).
Require=0 and Verify=1: if the TLS client provides a certificate, it is verified. This setting allows SIP clients without a certificate to talk to SER. With this setting, SER acting as a TLS client sends its certificate (mutual authentication is possible). The status of the TLS client-side verification is written into the select framework.
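
An added example (not part of the original page or of SER itself): a small Python check that reads the tls modparam lines from ser.cfg text and reports which of the two verification cases above is in effect. The function names and the sample text are constructed for illustration, and it assumes that a later modparam line overrides an earlier one.

```python
import re

# Active (uncommented) lines such as: modparam("tls", "verify_certificate", 1)
MODPARAM = re.compile(r'^\s*modparam\(\s*"tls"\s*,\s*"(\w+)"\s*,\s*("?)([^")]*)\2\s*\)')

# Meaning of the two combinations described above, keyed by (require, verify).
POSTURES = {
    ("0", "0"): "encrypt-only: peer certificates are never checked",
    ("0", "1"): "verify-if-presented: clients without a certificate are still accepted",
}

def tls_params(cfg_text):
    """Collect tls module parameters; assumes a later modparam line wins."""
    params = {}
    for line in cfg_text.splitlines():
        m = MODPARAM.match(line)
        if m:  # lines starting with '#' never match, so comments are skipped
            params[m.group(1)] = m.group(3).strip()
    return params

def verification_posture(params):
    """Map require_certificate/verify_certificate onto the cases described above."""
    pair = (params.get("require_certificate"), params.get("verify_certificate"))
    if None in pair:
        return "unset: require_certificate or verify_certificate is missing"
    return POSTURES.get(pair, "other: Require=%s, Verify=%s is not described here" % pair)

# Constructed sample, built from the parameter lines shown on this page.
SAMPLE_CFG = '''
modparam("tls", "ca_list", "/etc/certs/ca_list.pem")
modparam("tls", "require_certificate", 0)
modparam("tls", "verify_certificate", 1)
modparam("tls", "tls_method", "TLSv1")
#modparam("tls", "tls_method", "SSLv23")
'''

if __name__ == "__main__":
    p = tls_params(SAMPLE_CFG)
    print("tls_method:", p.get("tls_method"))
    print("posture:", verification_posture(p))
```

Running it against a deployed ser.cfg before a restart shows whether the file still carries the encrypt-only combination.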

SSL vs TLS

modparam("tls", "tls_method", "TLSv1")
#modparam("tls", "tls_method", "SSLv23")

Sample config

Sample config without registration authentication and with TLS routing to domainB (not necessary for enabling TLS for clients)

...