Browsed by
Tag: tls

Support TLSv1.3

Support TLSv1.3

miniSIPServer recently is upgraded to support TLSv1.3. This modification doesn’t affect configuration, so you need to do nothing if you upgrade your miniSIPServer to the latest versions.

Two modules could use TLS transport: (1) SIP server, and (2) Embeded HTTP server. If your SIP phones can support TLSv1.3, it is better to use TLSv1.3 to protect communication. Please refer to “SIP over TLS” document for more details. Both local miniSIPServer and cloud miniSIPServer can support SIP over TLSv1.3 now.

By default, miniSIPServer starts an embeded HTTP server for web management. If you want to manage it through the pubilc network, you have to enable TLS transport to protect HTTP information. In another way, most navigators, such as Chrome, Edge, Firefox and so on, can support TLSv1.3 now. Please refer to “web management” document to enable encrypted HTTP.

Security problem

Security problem

OpenSSL released new versions to fix several serious security problems. miniSIPServer uses the OpenSSL library to provide the SIP over TLS feature and we upgrade miniSIPServer to V40 (20230221) versions which use the latest OpenSSL library.

If you have deployed “SIP over TLS” in your VoIP network, we strongly recommend that you upgrade miniSIPServer to the latest versions.

“SIP over TLS” enabled in cloud system

“SIP over TLS” enabled in cloud system

We upgraded cloud miniSIPServer system for some key features. The most important feature is “SIP over TLS”.

By default, cloud system opens TCP port 6060 to accept “SIP over TLS” messages. It is used to encrypt SIP messages. This feature is available for all virtual servers without any additional fee or configurations.

Now, SIP phones can connect to cloud miniSIPServer nodes with “SIP over TLS”, but “external line” and “SIP trunk” still can only use “SIP over UDP” to work with voip providers.

This feature can only encrypt SIP messages. If you want to encrypt media streams, such as audio stream and video stream, you need enable SRTP in your SIP phones. By default, media streams are bypass and processed by SIP phones themselves, cloud miniSIPServer will not process these media streams.

Please visit online document “SIP over TLS” for more details.

Refine “SIP over TLS”

Refine “SIP over TLS”

Some customers report a crash problem to us. All of them deploy “SIP over TLS” in their VoIP networks. We have upgraded miniSIPServer to latest V35 (build 20190313) with following key modifications.

(1) In the latest miniSIPServer, SSL library has been upgraded to the latest version.

(2) Only TLSv1.2 method is kept, that means SSLv2, SSLv3, TLSv1 and TLSv1.1 are cut. When we did research on customers’ problems, we found some bad guys were trying to use the bug of SSLv3 to hack into MSS. We have to move all these methods out to defend that. In future, we will add other methods, such as TLSv1.3. At this time, we need confirm SIP phones can support TLSv1.2 too if we want to deploy SIP over TLS.

In another way, we refine “SIP over TLS” document to provide a simple demo on how to create certificate files.

MYVOIPAPP.com is HTTPs enabled now.

MYVOIPAPP.com is HTTPs enabled now.

We were busy on migrating our official website to new cloud computing systems in the past week. At the same time, we configure HTTPS for our website by default.

Now when you visit our website with HTTP connection, it will be converted to HTTPS automatically. It will make sure of communication between you and our website to anti invalid watching or modifications.

Since our system has been built on new cloud systems, it should be more stabler and faster. If you have any problem when visiting our website, please update us. We are appreciated for that.