
I already read this post, but I only understand how the handshake works. The problem is that I don't know how TLS works with another protocol like SIP. I'm confused about two points:

  1. TLS keeps communicating with TLS's header, and the payload is a whole other protocol packet (for example, a SIP packet).
  2. Or do they communicate with the other protocol's header, with the payload encrypted by the TLS key?
Mr2uang

2 Answers


It's very similar to how we use TLS with websites. Just as we have clear-text HTTP on TCP port 80 and HTTP over TLS, also referred to as HTTPS, running on TCP port 443, we do something very similar with SIP. SIP uses TCP port 5060 for cleartext and SIPS uses TCP port 5061 for SIP over TLS.

That said, to answer your question in a little more detail: externally, the two servers would be seen to just have a TLS connection, with a client connecting to a server on TCP port 5061, and inside that "encrypted communication tunnel of sorts" the SIP traffic is sent from one system to another.

Useful references:

https://www.ietf.org/rfc/rfc3261.txt

https://en.wikipedia.org/wiki/Session_Initiation_Protocol

Trey Blalock
  • Your answer looks like point 2 right? – Mr2uang Mar 24 '16 at 19:42
  • It's something like this: SIP on top of TLS on top of TCP on top of IP. – Trey Blalock Mar 24 '16 at 23:35
  • That means SIP's payload is encrypted by TLS, right? Because I want to make an application about SIPS, I need to understand how TLS works. – Mr2uang Mar 25 '16 at 03:35
  • Yes, all of SIP's payload will be encrypted by TLS. If you haven't already done so, download a copy of Wireshark https://www.wireshark.org/ and examine some SIP and SIPS traffic side by side. You will learn a LOT from the process. – Trey Blalock Mar 25 '16 at 05:38

TLS is a wrapper around the application protocol. In the case of OpenSSL, after configuring the connection, you use SSL_read and SSL_write instead of normal read/write calls; these take care of wrapping/unwrapping the application protocol in SSL/TLS for you.

Phil Lello
  • So your answer is the point 1 right? – Mr2uang Mar 24 '16 at 19:57
  • +1 this answers the question. It's like putting something that's already inside a box inside another box, but this box has a lock on it. –  Mar 25 '16 at 03:48
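As an added example (not code from either answer above, and not from the asker's application), here is the layering both answers describe in running form: a SIPS server on a loopback port, a TLS client that writes a SIP OPTIONS request through the TLS connection (Go's tls.Conn Read/Write plays the role of OpenSSL's SSL_read/SSL_write from the second answer), and a recorder on the client socket that captures the bytes a sniffer or Wireshark would see, as the first answer's comments suggest checking. The self-signed certificate, the hostname sip.example.com, the ephemeral port (real SIPS listens on TCP 5061) and the SIP messages are all constructed for this demo.

```go
package main

// Added example, not code from the original thread: SIP carried inside TLS
// (SIP over TLS over TCP over IP). The self-signed certificate, hostname
// sip.example.com, SIP messages and ephemeral loopback port (real SIPS
// listens on TCP 5061) are all constructed for this demo.

import (
	"bufio"
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"fmt"
	"io"
	"math/big"
	"net"
	"strconv"
	"strings"
	"time"
)

// Constructed SIP OPTIONS request and 200 OK reply (sample input, not captured traffic).
const sipRequest = "OPTIONS sip:bob@example.com SIP/2.0\r\n" +
	"Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKnashds8\r\nMax-Forwards: 70\r\n" +
	"From: <sip:alice@example.com>;tag=1928301774\r\nTo: <sip:bob@example.com>\r\n" +
	"Call-ID: a84b4c76e66710@example.com\r\nCSeq: 63104 OPTIONS\r\nContent-Length: 0\r\n\r\n"

const sipResponse = "SIP/2.0 200 OK\r\n" +
	"Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKnashds8\r\n" +
	"From: <sip:alice@example.com>;tag=1928301774\r\nTo: <sip:bob@example.com>;tag=a6c85cf\r\n" +
	"Call-ID: a84b4c76e66710@example.com\r\nCSeq: 63104 OPTIONS\r\n" +
	"Content-Type: text/plain\r\nContent-Length: 12\r\n\r\nsips demo ok"

// readSIPMessage parses one SIP message from r using RFC 3261 framing: start
// line, header lines, an empty line, then Content-Length bytes of body.
// Content-Length is mandatory on stream transports such as TCP and TLS.
func readSIPMessage(r *bufio.Reader) (start string, headers map[string]string, body []byte, err error) {
	if start, err = r.ReadString('\n'); err != nil {
		return
	}
	start = strings.TrimRight(start, "\r\n")
	headers = map[string]string{}
	for {
		line, e := r.ReadString('\n')
		if e != nil {
			return start, headers, nil, e
		}
		if line = strings.TrimRight(line, "\r\n"); line == "" {
			break
		}
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 {
			return start, headers, nil, fmt.Errorf("malformed header line %q", line)
		}
		headers[strings.ToLower(strings.TrimSpace(kv[0]))] = strings.TrimSpace(kv[1])
	}
	n, err := strconv.Atoi(headers["content-length"])
	if err != nil || n < 0 {
		return start, headers, nil, fmt.Errorf("missing or bad Content-Length %q", headers["content-length"])
	}
	body = make([]byte, n)
	_, err = io.ReadFull(r, body)
	return
}

// tlsRecordTypes walks a stream of TLS records (5-byte header: content type,
// legacy version, payload length) and returns each record's content type:
// 0x16 handshake, 0x14 change_cipher_spec, 0x15 alert, 0x17 application_data.
// The SIP message travels as the encrypted payload of 0x17 records.
func tlsRecordTypes(wire []byte) []byte {
	var types []byte
	for len(wire) >= 5 {
		n := int(binary.BigEndian.Uint16(wire[3:5]))
		if len(wire) < 5+n {
			break // truncated record
		}
		types = append(types, wire[0])
		wire = wire[5+n:]
	}
	return types
}

// recordingConn copies everything the TLS client writes to the socket, i.e.
// exactly the bytes a sniffer on the path would see.
type recordingConn struct {
	net.Conn
	wire bytes.Buffer
}

func (c *recordingConn) Write(p []byte) (int, error) {
	c.wire.Write(p)
	return c.Conn.Write(p)
}

// selfSignedCert makes a throwaway server certificate and a pool trusting only
// it, so the client verifies the server instead of using InsecureSkipVerify.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sip.example.com"},
		DNSNames: []string{"sip.example.com"}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// Result is what each layer observed during the exchange.
type Result struct {
	ServerSawMethod, ClientSawStatus, ResponseBody string
	RecordTypes      []byte // content type of every TLS record the client sent
	SIPVisibleOnWire bool   // whether any SIP text appears in cleartext on the wire
}

// RunSIPSDemo starts a SIPS server on a loopback port, sends one OPTIONS
// request through a TLS client and reports what was seen at each layer.
func RunSIPSDemo() (*Result, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return nil, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	var method string
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			done <- err
			return
		}
		conn := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
		defer conn.Close()
		// Plain SIP parsing: conn.Read has already removed the TLS layer, like SSL_read.
		start, _, _, err := readSIPMessage(bufio.NewReader(conn))
		if err != nil {
			done <- err
			return
		}
		method = strings.Fields(start)[0]
		_, err = io.WriteString(conn, sipResponse) // conn.Write encrypts and frames the reply, like SSL_write
		done <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return nil, err
	}
	rec := &recordingConn{Conn: raw}
	conn := tls.Client(rec, &tls.Config{RootCAs: pool, ServerName: "sip.example.com", MinVersion: tls.VersionTLS13})
	// The first Write runs the handshake, then sends the whole SIP message as encrypted application data.
	if _, err = io.WriteString(conn, sipRequest); err != nil {
		return nil, err
	}
	status, _, body, err := readSIPMessage(bufio.NewReader(conn))
	if err != nil {
		return nil, err
	}
	conn.Close()
	if err := <-done; err != nil {
		return nil, err
	}
	wire := rec.wire.Bytes()
	return &Result{
		ServerSawMethod: method, ClientSawStatus: status, ResponseBody: string(body),
		RecordTypes:      tlsRecordTypes(wire),
		SIPVisibleOnWire: bytes.Contains(wire, []byte("SIP/2.0")) || bytes.Contains(wire, []byte("sip:")),
	}, nil
}

func main() {
	r, err := RunSIPSDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("server parsed %q inside TLS; client parsed %q with body %q\n", r.ServerSawMethod, r.ClientSawStatus, r.ResponseBody)
	fmt.Printf("client->server TLS record types: % x; SIP visible in cleartext: %v\n", r.RecordTypes, r.SIPVisibleOnWire)
}
```

Run it with `go run`. The recorded stream parses as TLS records whose first byte is the content type: 0x16 for the ClientHello, then 0x17 application_data records whose payload is the encrypted SIP message. That is the first of the two pictures in the question: the outer header belongs to TLS, and the whole SIP message (start line, headers and body) is the encrypted payload; SIP's own headers never appear on the wire, and the server only sees them after tls.Conn has decrypted the record. One caveat worth knowing for a SIPS application: the ClientHello carries the server name (here sip.example.com) in cleartext, so a passive observer still learns which SIPS host is being contacted even though it learns nothing about the SIP traffic itself.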