Thanks for the clarifications. Now, when we ask the client to have a certificate, where do we control what client certificates will be accepted? I.e.: I don't want any valid certificate to authentcate but only those ones I accept as valid. Moacir > Date: Thu, 23 May 2013 10:34:09 +0200 > From: klaus.mailingli...@pernau.at > To: mico...@gmail.com; sr-users@lists.sip-router.org > Subject: Re: [SR-Users] TLS > > > > On 22.05.2013 11:19, Daniel-Constantin Mierla wrote: > >>> > >>> - Finally, do you know any free softphone that implements mutual TLS > >>> authentication? > >> > >> I am not aware of any. > > > > Like the softphone authenticating the server based on server certificate? > > MTLS just means, that the TLS server requires a certificate from the TLS > client. Thus, between SIP clients and SIP server this merely means that > not only the client authenticates the proxy, but the proxy also > authenticates the client based on the client's TLS certificate. > > Nice that Jitsi supports it - although I failed to configure Jitsi :-) > If someone fails configuring TLS for Jitsi, see this howto: > http://www.resiprocate.org/ReproMutualTLSAuthenticationJitsi#Setting_up_Jitsi > > I just found out that my QjSimple [1] also supports client certificates :-) > > > regards > Klaus > > [1] http://www.ipcom.at/en/telephony/qjsimple/ > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
