Sunday, October 3, 2010

Best of New in Kamailio 3.1.0 - #6: Asynchronous TLS

Demand for secure communication has increased lately. Whether or not this is caused by the growing number of attacks on VoIP systems, as well as by the better penetration of Instant Messaging and Presence in SIP networks, IP telephony providers are now seriously looking to offer full content protection as a service.

Kamailio 3.1.0 is the first version that can truly be used as a large-scale, fully encrypted SIP communication engine. OpenSER (up to Kamailio 1.5.x) had what was closer to a beta implementation: it was added for prototyping purposes and never improved, perhaps also as a result of the lack of TLS clients at that time.

The previous version, Kamailio 3.0.x, had a completely re-architected TLS implementation, inherited from SIP Express Router (SER) v2.1.0, which was designed for massive scalability. Still, the missing piece in 3.0.x was asynchronous support. This was added in 3.1.0.

Asynchronous TLS support in v3.1.0 stands out for how simple it is to configure. It is on by default and transparent to the configuration file. You can disable it via the TCP connection control parameter:

tcp_async=no

The tls module has comprehensive documentation:

Since TLS is a layer on top of TCP, many tunings can be done via global TCP parameters:
