SIP Over TLS

The

supports the exchange of SIP signaling over Transport Layer Security (TLS), an IETF protocol for securing communications across an untrusted network. Normally, SIP packets travel in plain text over TCP or UDP connections. Secure SIP is a security measure that uses TLS, the successor to Secure Sockets Layer (SSL) protocol. TLS operates just above the transport layer (Layer 4) and provides peer authentication, confidentiality and message integrity.

SIP over TLS is configurable independently on each hop between SIP devices. SIP transport type selection is typically configured through IP Signaling Profile. It may also be provisioned on SIP Trunk group or identified through DNS lookup.

If the

receives an INVITE message and is unable to establish a TLS connection with its peer that is the next hop for the INVITE, the SBC replies to the INVITE message with a 408 (Request Timeout) response with a Warning header, warn-code 399 (Miscellaneous warning), and a warning text “TLS connection failure”. This is configurable using the IP Signaling Profile ingress flag sendTLSConnectionFailureResponse 

The

supports a system-wide unified facility for installing X.509v3 digital certificates into the system, for use in authenticating the system and its peers for https management, SIP over TLS, etc. For more information on the TLS usage scenarios, see TLS for Signaling.