Site Map
SIP traffic can be secured at the transport layer by encrypting data using TLS over TCP. However, using TLS as a transport by itself only guarantees encryption over a single hop. Since it is very common for a SIP call to traverse multiple proxy servers from one end to the other, there is a need to guarantee end-to-end security for SIP traffic. In order to assure this end-to-end security, SIP provides a secure URI scheme called SIPS. A call to a SIPS URI is guaranteed to be encrypted from end to end. All SIP traffic within this call will be secured using TLS from the sender to the domain of the final recipient. Once a SIP message reaches the domain of the final recipient, it will be securely sent to the final destination. However it is not mandatory that TLS be used. The security mechanism for this last hop is determined by the domain of the final destination. VOCAL's secure SIP implementation is based on requirements and recommendations specified in RFC 3261. VOCAL's TLS implementation uses OpenSSL version 1.0.0 which supports TLS version 1 as defined by RFC 2246.