free switch : what is tls_port ?

Question

Hi all,

I am beginner to free switch.I have gone through the configuration file vars.xml in free switch.

In this I have seen the following configurations.

  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5070"/>
  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5071"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>

In the above I am having the doubt with tls_port. What is the use of tls_port .I have searched about this in net and I have read that tls protocol is used for secure data transfer in network.

So please explain me about the communication in freeswitch.

Thanks in advance.

Answer 1

Hi, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two cryptographic protocols which permits to communicate safely and guarantee data integrity over TCP/IP networks, as Internet for example.

TLS e SSL cypher communication end-to-end at transport layer. Other well known protocols as TCP, UDP enable communication at the same layer.

So as TCP uses port 80 by defualt for communication, you must set a port for your TSL protocol in free switch. This is the meaning of tsl_port parameter previously.

Please keep in mind that TLS is disabled by default, set internal_ssl_enable and/or external_ssl_enable to "true" to enable.

Answer 2

Hello kiruthika, if you don't know what TLS is, you just don't need it in freeswitch. Freeswitch uses TLS to secure the SIP protocol, but SIP will usually work in clear without encryption and often it's also easier to debug SIP with tools such as wireshark without TLS. Here you can find further information: http://wiki.freeswitch.org/wiki/Tls#TLS.2C_SSL_and_SRTP_Encryption In my view it's better if you don't bother with TLS and Secure RTP as long as you are just scratching the surface of FreeSWITCH, there are more interest things to learn first in my view. Otherwise if you are on a production environment with very strict security requirements you should study not only FreeSWITCH but the relevant RFCs too! ;-)