User's Manual

MediaPack
SIP User's Manual 288 Document #: LTRT-65408
12.2 SSL/TLS
SSL and its successor TLS are the methods used to secure the MediaPack SIP signaling
connections, Embedded Web Server and Telnet server. The TLS protocol provides
confidentiality, integrity and authenticity between two communicating applications over
TCP/IP.
Specifications for the SSL/TLS implementation:
Supported protocol versions: SSL 2.0, SSL 3.0, TLS 1.0
Supported ciphers: DES, RC4 compatible
Authentication: X.509 certificates; CRLs are not supported
Note that SSL 2.0, SSL 3.0 and TLS 1.0 have since been deprecated (RFC 6176, RFC 7568
and RFC 8996) and that DES and RC4 are considered broken (RFC 7465 prohibits RC4 in
TLS), so the protection this firmware offers should be treated as legacy. Because CRLs are
not supported, a peer certificate that has been revoked by its issuer is still accepted by the
gateway until it expires or the trusted certificate configured on the gateway is changed.
12.2.1 SIP Over TLS (SIPS)
The MediaPack uses TLS over TCP to encrypt SIP signaling and, optionally, to
authenticate the peer. To enable TLS on the MediaPack, set the selected transport type to TLS
(SIPTransportType = 2). In this mode the gateway initiates a TLS connection only for the
next network hop. To request TLS all the way to the destination (over multiple hops) set
EnableSIPS to 1, which uses the sips: URI scheme (RFC 3261); the gateway can only secure
its own hop and relies on each downstream proxy to honor the scheme. When a peer initiates
a TLS connection to the gateway, the gateway responds using TLS regardless of the
configured SIP transport type (in this case, the parameter EnableSIPS is also ignored).
TLS and SIPS use the Certificate Exchange process described in Sections 12.2.4 and
12.2.5. To change the port number used for SIPS transport (by default 5061), use the
parameter TLSLocalSIPPort.
When SIPS is used, mutual (two-way) authentication is sometimes required. When acting
as the TLS server in a given connection, the gateway can demand and verify the client's
certificate. To enable two-way authentication on the MediaPack, set the ini file
parameter SIPSRequireClientCertificate = 1. Without it, any peer that can reach the SIPS
port can open a TLS session: the session is encrypted, but the caller is not authenticated at
the transport layer. For information on installing a client certificate, refer to Section 12.2.5
on page 292.
12.2.2 Embedded Web Server Configuration
For additional security, configure the Embedded Web Server to accept only
secured (HTTPS) connections by setting the parameter HTTPSOnly to 1 (described in
Table 5-50 on page 174); otherwise the Web login credentials can be sent over cleartext HTTP.
You can also change the port number used for the secured Web server (by default 443) by
changing the ini file parameter, HTTPSPort (described in Table 5-55 on page 182).
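After changing TLSLocalSIPPort, SIPSRequireClientCertificate, HTTPSOnly or HTTPSPort, a practitioner wants to confirm from the outside what the gateway actually negotiates. The script below is an added example and is not part of the AudioCodes manual or firmware: it wraps openssl s_client to probe either listener (SIPS, default 5061; HTTPS, default 443), audits the handshake transcript for the deprecated protocol versions and weak ciphers listed in Section 12.2, checks whether the certificate chain validated, and reports whether the server demanded a client certificate, which is what SIPSRequireClientCertificate = 1 should produce. The host name mediapack.example is a placeholder, and the transcript line formats (Protocol, Cipher, Verify return code, Acceptable client certificate CA names) are those printed by OpenSSL's s_client.

```shell
#!/bin/sh
# Added example, not from the AudioCodes manual: probe the MediaPack TLS
# listeners with openssl s_client and audit the resulting transcript.
# "mediapack.example" below is a placeholder host name.

# tls_probe HOST PORT [extra s_client options...]
# Performs one handshake and prints the s_client transcript. Stdin is closed
# so s_client exits after the handshake instead of waiting for input.
tls_probe() {
    host="$1"; port="$2"; shift 2
    openssl s_client -connect "$host:$port" -servername "$host" "$@" </dev/null 2>&1
}

# tls_audit: reads an s_client transcript on stdin, prints one finding per
# line and returns 1 if any finding was raised, 0 if the session looked sane.
tls_audit() {
    transcript=$(cat)
    rc=0
    proto=$(printf '%s\n' "$transcript" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$transcript" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    verify=$(printf '%s\n' "$transcript" | sed -n 's/^ *Verify return code: *//p' | head -n 1)

    # SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated; this firmware offers at most TLS 1.0.
    case "$proto" in
        "")                        echo "FAIL: no TLS session established"; rc=1 ;;
        SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK: protocol $proto"; rc=1 ;;
    esac
    # DES/3DES, RC4, export-grade, NULL and MD5-based suites are all broken.
    case "$cipher" in
        *DES*|*RC4*|*EXP*|*NULL*|*MD5*) echo "WEAK: cipher $cipher"; rc=1 ;;
    esac
    # Anything but "0 (ok)" means the chain did not validate against the local trust store.
    case "$verify" in
        "0 (ok)") ;;
        *)        echo "UNTRUSTED: verify return code $verify"; rc=1 ;;
    esac
    return $rc
}

# tls_requires_client_cert: reads an s_client transcript on stdin and returns 0
# if the server sent a CertificateRequest (SIPSRequireClientCertificate = 1 in
# effect), 1 otherwise. s_client prints this CA list only when asked for a cert.
tls_requires_client_cert() {
    grep -q '^Acceptable client certificate CA names'
}

# Typical use (needs network access to the gateway, so shown as comments):
#   tls_probe mediapack.example 5061 -tls1 | tee sips.txt | tls_audit
#   tls_requires_client_cert < sips.txt && echo "SIPS demands a client certificate"
#   tls_probe mediapack.example 5061 -tls1 -cert client.pem -key client.key | tls_audit
#   tls_probe mediapack.example 443 -tls1 | tls_audit
```

Because the firmware documented here negotiates at most TLS 1.0 with DES or RC4, expect tls_audit to report WEAK findings against the gateway; the value of the check is confirming that the ports, HTTPSOnly and the client-certificate requirement took effect and documenting the residual exposure. A modern OpenSSL may refuse to offer TLS 1.0 or those ciphers by default; pass -tls1 and, on OpenSSL 1.1.0 or later, -cipher 'DEFAULT:@SECLEVEL=0' to complete the handshake.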
12.2.2.1 Using the Secured Embedded Web Server
To use the secured Embedded Web Server, take these 3 steps:
1. Access the MediaPack using the following URL:
https://<host name> or https://<IP address>
Depending on the browser's configuration, a security warning dialog may be
displayed. The warning appears because the MediaPack's initial (factory) certificate is not
trusted by your PC. The browser may allow you to install the certificate, so that the
warning dialog is skipped the next time you connect to the MediaPack. Verify the
certificate over a trusted channel (for example, by comparing its fingerprint) before
installing it: trusting an unverified certificate on first use gives up the authentication
that HTTPS is meant to provide.