Tls: Difference between revisions
Revision as of 21:03, 13 March 2017
Since version 11, the VoIPmonitor sniffer can decode and decrypt SIP carried over TLS when it is given the server's private key.
Please note that the sniffer supports only the TLS and SSLv3 layers (not SSLv1 or SSLv2). You can verify which one a client uses by looking at the CLIENT HELLO packet in Wireshark, where the header shows either SSL or TLS.
Decrypted SIP packets are converted into virtual UDP packets: the Ethernet and IP headers are kept, and the TCP layer is replaced with UDP, so you will not see the TCP stream in the stored pcap files.
The TLS feature is still in beta. If you run into a reproducible problem, we need to see a pcap file containing the TLS packets (RTP is not needed) and, of course, the private key.
Please note that TLS sessions whose cipher suite uses a Diffie–Hellman key exchange cannot be decoded in any way. Decryption would be possible only if your software (PBX/SBC) stored the key for each TLS session, but this feature is not supported. The only solution is to change the cipher suite to anything other than the Diffie–Hellman cipher suites.
VoIPmonitor does not decrypt SRTP.
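The two checks above (which protocol version a client speaks, and whether the cipher suites it offers use RSA or Diffie–Hellman key exchange) can be done on the first TLS record of a capture without Wireshark. The script below is an added example and is not part of the VoIPmonitor page or project; it parses a ClientHello record, reports the record and handshake versions, and marks each offered suite as RSA key exchange (decryptable with the server's private key) or (EC)DH key exchange (not decryptable, as explained above). The sample ClientHello bytes are constructed inline for the demonstration, not taken from a real capture, and the cipher-suite table is only a subset of the IANA registry.

```python
"""Inspect a TLS ClientHello and report what a static server RSA key can decrypt.

Added example (not part of the VoIPmonitor wiki page or project). The sample
records at the bottom are constructed by hand, not captured from a PBX.
"""
import struct

# Subset of IANA cipher-suite ids (registered names); anything else is "unknown".
CIPHER_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def key_exchange_kind(suite_id):
    """'rsa' when the pre-master secret is RSA-encrypted to the server key
    (decryptable with the private key), 'dh' for any ephemeral or static (EC)DH
    suite (not decryptable), 'unknown' for ids outside the table."""
    name = CIPHER_SUITES.get(suite_id)
    if name is None:
        return "unknown"
    return "rsa" if name.startswith("TLS_RSA_") else "dh"


def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello and return a summary dict."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_version, rec_len = struct.unpack("!HH", record[1:5])
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("record does not carry a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    client_version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                              # skip the 32-byte client random
    sid_len = hello[pos]
    pos += 1 + sid_len                        # skip the session id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if pos + cs_len > len(hello):             # truncated or malformed capture
        raise ValueError("cipher suite list runs past the end of the ClientHello")
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {
        "record_version": VERSIONS.get(rec_version, hex(rec_version)),
        "client_version": VERSIONS.get(client_version, hex(client_version)),
        "suites": [(s, CIPHER_SUITES.get(s, "unknown"), key_exchange_kind(s)) for s in suites],
    }


def client_forces_rsa_key_exchange(summary):
    """True only if every offered suite is RSA key exchange: then whichever suite
    the server picks, the session can be decrypted from the private key alone."""
    return all(kind == "rsa" for _, _, kind in summary["suites"])


def build_client_hello(suite_ids, record_version=0x0301, client_version=0x0303):
    """Construct a minimal ClientHello record (sample data, not a real capture)."""
    hello = struct.pack("!H", client_version) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
    hello += struct.pack("!H", 2 * len(suite_ids)) + b"".join(struct.pack("!H", s) for s in suite_ids)
    hello += b"\x01\x00"                      # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", record_version, len(handshake)) + handshake


# Constructed samples: a client offering ECDHE and RSA suites, and one offering RSA only.
SAMPLE_MIXED = build_client_hello([0xC02F, 0xC013, 0x002F, 0x0035])
SAMPLE_RSA_ONLY = build_client_hello([0x002F, 0x0035])

if __name__ == "__main__":
    for label, rec in (("mixed", SAMPLE_MIXED), ("rsa-only", SAMPLE_RSA_ONLY)):
        summary = parse_client_hello(rec)
        print(f"{label}: record {summary['record_version']}, client {summary['client_version']}")
        for sid, name, kind in summary["suites"]:
            print(f"  0x{sid:04X} {name:<40} {kind}")
        print("  client forces RSA key exchange:", client_forces_rsa_key_exchange(summary))
```

Run it against the first record a phone sends to the PBX (for example, the payload of the first TCP segment towards port 5061 exported from a capture). If the server can pick a `dh` suite from the offered list, the only way to make the session decryptable with the private key is to restrict the PBX/SBC to the RSA suites, as the note above says.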
Configuration
Add the following to voipmonitor.conf:

    ssl = yes
    ssl_ipport = 10.0.0.1 : 5061 /etc/private.key

where 10.0.0.1 is the server and 5061 its TLS port. The private key is read from /etc/private.key and must be in PEM format (starting with -----BEGIN RSA PRIVATE KEY-----).