Re: [TLS] Client/Server TLS is equivalent to Client/Server TCP

"Bentkofsky, Michael" <MBentkofsky@verisign.com> Thu, 07 August 2008 16:25 UTC


Having worked on SIP implementations using TLS, I've never heard of such
a protocol as you describe. Typically SIP listens on port 5060 (TCP
and/or UDP) and 5061 for TLS. 
 
If your goal is to discover whether the server can start a TCP
connection, you wouldn't need such a protocol where you send a SIP
message followed by an attempted TLS session negotiation -- just connect
to the service port, typically 5061. If you are trying to discover
whether a server can communicate SIP over TLS, there is some work done
in this area under RFC 3263.
 
Alternatively consider a protocol where the client sends a SIP request
over TCP to port 5060 and the server can send a redirection response to
port 5061 using a sips URL. 



________________________________

	From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Nabil HAMZI
	Sent: Thursday, August 07, 2008 8:39 AM
	To: tls@ietf.org
	Subject: [TLS] Client/Server TLS is equivalent to Client/Server TCP
	
	Hello!
	
	I have a question about TCP and TLS. I want to know if the TCP client is necessarily the TLS client, and the same thing for the server.
	
	Because I want to set up SIP on TLS and there is a problem: I need the server to be able to start a connection; in other words, I need the SIP server to become a TLS client.
	
	So I don't know if it works, but suppose:
	1) the server sends a SIP request to the client on port 5060
	2) the client checks the port and concludes that it's SIP, and it was configured to start a TLS session for doing SIP, so it sends a ClientHello
	3) and the TLS begins.
	
	Is it correct or not?
	
