TLS only allows SIP entities to authenticate the servers to which they are adjacent. Establishing a TLS connection authenticates both transport endpoints but does not authenticate the SIP messages flowing through the link. For example, two proxies may carry traffic between them over TLS, but this does not stop a malicious gateway from injecting suspect SIP traffic at either end of the TLS link. SIPS can be used to ensure that TLS is maintained for all hops carrying SIP messages, thereby reducing the risk of such an attack. SIPS is enabled/disabled in the IMG 1010 - SIP Profile - 10.5.3 pane.
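As an added illustration (not part of the IMG documentation or product), the following Python check flags any Via hop that did not use TLS on a request whose Request-URI is `sips:`, which is how a broken hop-by-hop guarantee shows up in captured signaling. The function name `non_tls_hops` and both sample messages are constructed for this example.

```python
import re

# Sent-protocol and sent-by of one Via value, e.g. "SIP/2.0/TLS host:5061;branch=..."
VIA_RE = re.compile(r"^\s*SIP\s*/\s*2\.0\s*/\s*(\w+)\s+([^;\s,]+)", re.I)

# Constructed sample requests (not captured traffic).
CLEAN = (
    "INVITE sips:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS proxy2.example.com:5061;branch=z9hG4bKb2\r\n"
    "Via: SIP/2.0/TLS proxy1.example.net:5061;branch=z9hG4bKa1\r\n"
    "Content-Length: 0\r\n\r\n"
)
DOWNGRADED = (
    "INVITE sips:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS proxy2.example.com:5061;branch=z9hG4bKb2,\r\n"
    " SIP/2.0/UDP gw.example.org:5060;branch=z9hG4bKc3\r\n"
    "v: SIP/2.0/TCP 192.0.2.10:5060;branch=z9hG4bKd4\r\n"
    "Content-Length: 0\r\n\r\n"
)

def non_tls_hops(raw_message):
    """Return the sent-by of every Via hop that did not use TLS, but only
    for requests whose Request-URI uses the sips: scheme."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    # Unfold continuation lines (a header line that starts with whitespace).
    head = re.sub(r"\r\n[ \t]+", " ", head)
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[1].lower().startswith("sips:"):
        return []  # not a SIPS request: out of scope for this check
    bad = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() not in ("via", "v"):  # "v" is the compact form
            continue
        for via in value.split(","):  # one header line may list several hops
            m = VIA_RE.match(via)
            if m is None:
                bad.append(via.strip())  # unparseable hop: treat as suspect
            elif m.group(1).upper() != "TLS":
                bad.append(m.group(2))
    return bad

if __name__ == "__main__":
    print(non_tls_hops(CLEAN))
    print(non_tls_hops(DOWNGRADED))
```

Via headers are written by the hops themselves, so a clean result shows only that no hop declared a non-TLS transport; it does not authenticate the message.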

Supported Information:

  • The IMG supports SSLv3 and TLSv1.

  • TLS is supported only over TCP and requires a separate port. The default port is 5061 and is configurable in the SIP Signaling object.

  • The IMG supports 128-bit encryption.

  • A Certificate Database is created and uploaded to the IMG.

  • The IMG will allow a maximum of 16 Trust IDs or Certificate Entries.

  • TLS is also supported on the IMG's virtual IP addresses

  • The IMG supports X.509 certificates only, with a maximum depth of four CA certificates during certificate verification.

  • The use of certificates requires that the clock on the IMG be synchronized with the network time to ensure proper validation of certificates. To configure the clock, see IMG 1010 - Configure SNTP on GCEMS Server.

Not Supported:

  • CRLs (Certificate Revocation Lists) are not supported.

  • SNMP or MIB requirements are not supported.

  • DNS or ENUM lookups of NAPTR/SRV records containing SIP URIs are not supported.