AES + Opensip

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

AES + Opensip

Eust
Hello Everyone,

I got a quick question, hope someone can help me with it. So I got two Polycom VC devices to work with Opensips but the Calls work only when i turn off the Encryption (AES Option), when i turn it on i get an error that some security settings are not working properly.

Can someone tell me if opensips is compatible with AES encryption or is the only encryption possibility, TLS?

Thank you.

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: AES + Opensip

Bogdan-Andrei Iancu-2
Hi,

Basically your Polycom will try to do SIP over TLS with AES cipher ?

Regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
On 11/01/2017 06:26 PM, Trupyy . wrote:
Hello Everyone,

I got a quick question, hope someone can help me with it. So I got two Polycom VC devices to work with Opensips but the Calls work only when i turn off the Encryption (AES Option), when i turn it on i get an error that some security settings are not working properly.

Can someone tell me if opensips is compatible with AES encryption or is the only encryption possibility, TLS?

Thank you.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: AES + Opensip

Eust
Hi, 

Thanks for the answer, sry im not that strong in encryption. I know opensip uses tls and it makes sense to me that tls + something else on top of it would not work, i was interested if it is possible to make opensips work with aes, im guessing not? 

Thanks! 

On Nov 2, 2017 6:21 PM, "Bogdan-Andrei Iancu" <[hidden email]> wrote:
Hi,

Basically your Polycom will try to do SIP over TLS with AES cipher ?

Regards,
Bogdan-Andrei Iancu
  OpenSIPS Founder and Developer
  http://www.opensips-solutions.com
On 11/01/2017 06:26 PM, Trupyy . wrote:
Hello Everyone,

I got a quick question, hope someone can help me with it. So I got two Polycom VC devices to work with Opensips but the Calls work only when i turn off the Encryption (AES Option), when i turn it on i get an error that some security settings are not working properly.

Can someone tell me if opensips is compatible with AES encryption or is the only encryption possibility, TLS?

Thank you.


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: AES + Opensip

Daniel Lakeland
On 11/07/2017 08:37 AM, Trupyy . wrote:
> Hi,
>
> Thanks for the answer, sry im not that strong in encryption. I know
> opensip uses tls and it makes sense to me that tls + something else on
> top of it would not work, i was interested if it is possible to make
> opensips work with aes, im guessing not?
>
> Thanks!
TLS is a method for setting up an encrypted connection, AES is a kind of
encryption algorithm (a cipher). So TLS can set up encrypted sessions
with many different algorithms/ciphers, what you probably need is to
configure your TLS settings such that the ciphers that are allowed
include the AES cipher that the phone wants to use.

At least this should point you in the direction of what to look at. I
can't help much more than that because I don't know a thing about
polycom phones nor do I know where to configure the allowed ciphers,
would take a bunch of googling to figure those out, but at least now you
maybe know what to google ;-)



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: AES + Opensip

Eust
Hi,

thanks for the explanation, il see what can be done, sadly there is not much
information on OpenSips + AES but il try and see if I can figure it out.

If someone has done some research before or tried it out id be grateful for
some info. :)

Thanks.

Eust



--
Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: AES + Opensip

Răzvan Crainea-2
Hi, Eust!

As Daniel already pointed out, AES is a cipher, not an encryption
mechanism. If you want to use AES encryption for your traffic, simply
configure TLS to use an AES cipher by setting the ciphers_list parameter[1].
To find out the available AES ciphers, run on your machine:
openssl ciphers

Then choose one (or more) ciphers and feed them to the ciphers_list
parameters. For example:
modparam("tls_mgm", "ciphers_list",
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384")

The previous configuration specifies 3 AES ciphers that can be used for
TLS encryption.

In my opinion I don't see how further this could get, unless you provide
us a more detailed requirement or something specific you want to do.

PS: my system uses 50 AES based ciphers and only 7 other ciphers, so I
am pretty sure that any TLS session is most likely using an AES based
cipher.

[1] http://www.opensips.org/html/docs/modules/2.4.x/tls_mgm#idp5669152

Best regards,

Răzvan Crainea
OpenSIPS Developer
www.opensips-solutions.com

On 11/14/2017 09:52 PM, Eust wrote:

> Hi,
>
> thanks for the explanation, il see what can be done, sadly there is not much
> information on OpenSips + AES but il try and see if I can figure it out.
>
> If someone has done some research before or tried it out id be grateful for
> some info. :)
>
> Thanks.
>
> Eust
>
>
>
> --
> Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users