SIP Tasks - Using TLS

Introduction

The SIP tasks support using TLS as transport protocol. To use TLS the protocol specified in SipInitTask must be "TLS". In addition SIPS URIs should be used.

TLS Certificate

To support the server side (UAS) of a TLS connection a certificate must be installed. The certificate used must be i PKCS#12 format. This is a is a password-protected format that can contain multiple certificates and keys. Files in PKCS#12 format usually have extensions such as .pfx and .p12.

The certificate(s) must be specified using SipInitTask, where you specify the path to the certificate file and the password.

Operation

Client side

Any certificate (including self-signed) are accepted. No client certificates are supported.

All cipher suites supported by Java are supported. The TLS versions supported are: TLSv1, TLSv1.1 and TLSv1.2.

Server side

Certificate must be specified as described above.

The following cipher sutes are supported: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_128_CBC_SHA. The TLS versions supported are: TLSv1, TLSv1.1 and TLSv1.2.