[jitsi-users] JIGASI connecting using TLS and SRTP


#1

Hello,

is there a way to perform a remote PBX connection with JIGASI using TLS
and SRTP. How? If not, how difficult could be implement this feature by
myself. Any suggestions about this could be welcome.

Thanks in advance.

···

--
Pablo Saavedra Rodiño
psaavedra@igalia.com | Mail
www.igalia.com | Web


#2

is there a way to perform a remote PBX connection with JIGASI using TLS
and SRTP. How? If not, how difficult could be implement this feature by
myself. Any suggestions about this could be welcome.

Yes, this should work. Install Jitsi Desktop, configure your SIP account there to work with TLS and SRTP. Then copy the account settings over to Jigasi.

Beware: Jigasi doesn't check the validity of SSL certificates!

Thanks in advance.

Ingo


#3

Great, this way works for me! Thanks a lot!

By the way, the SSL certificate validation is quite important for us in
order to avoid MiM attacks, so if you can suggest me hat part of the
code is involved in this check I could pleased to contribute all the
required code and functionality.

···

El 02/06/16 a las 09:49, Ingo Bauersachs escribió:

is there a way to perform a remote PBX connection with JIGASI using TLS
and SRTP. How? If not, how difficult could be implement this feature by
myself. Any suggestions about this could be welcome.

Yes, this should work. Install Jitsi Desktop, configure your SIP account there to work with TLS and SRTP. Then copy the account settings over to Jigasi.

Beware: Jigasi doesn't check the validity of SSL certificates!

Thanks in advance.

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Pablo Saavedra Rodiño
psaavedra@igalia.com | Mail
www.igalia.com | Web


#4

Great, this way works for me! Thanks a lot!

By the way, the SSL certificate validation is quite important for us in
order to avoid MiM attacks, so if you can suggest me hat part of the
code is involved in this check I could pleased to contribute all the
required code and functionality.

https://github.com/jitsi/jigasi/blob/master/src/main/java/org/jitsi/jigasi/Main.java#L221

I'm not sure what happens if you simply remove this property. In Jitsi Desktop, if the certificate is invalid, a popup would ask the user to confirm the connection. However, this confirmation obviously not be shown in a daemon. So IMO it should simply fail to connect and log it. It might already do that, but you'd need to test.

Ingo