Twilio soon will only allow SIP TLS Version 1.2 only. What to do with VG?

Hello,

We are using Twilio SIP accounts for some of our customers, and we received a message from Twilio today that they will only support TLS version 1.2 soon.

If TLS is to be used, do I need to configure VG to use TLS 1.2?

The VG versions we are using are 7.6.xx.

Thanks in advance. 

Are you currently using TLS on your SIP trunks?

Seems like Twilio is advising that any existing SIP trunks that use TLS will continue to use existing TLS protocol, unless changes are made in that trunk's Twilio config to switch to TLS v1.2

And any TLS SIP trunks created in Twilio in future will default to TLS v1.2, but this can be changed to previous TLS versions by making a change in that trunk's Twilio config.

But all this TLS related advice above only applies if you actually use TLS on your SIP trunks in the first place...

Had a look through your previous posts and it does not seem like you are using TLS on your SIP trunks...

Thanks for the reply.

OK, I will confirm that with our network admin (I am no longer in position of SIP configuration for the customers via Twilio, which is good.) if we plan to provide any TLS options to customers going forward.

By the way, is it necessary to use TLS on SIP overall? 

Thank you.

Quote

is it necessary to use TLS on SIP overall

No. It's not necessary. SIP does not demand that you use TLS or other encryption with it.

TLS and other encryption can be used on top of SIP to hide the contents of SIP messages exchanged, but you do not have to use encryption with SIP, and by default no encryption is used.

If you really do need to set up TLS for security reasons, then there is a way to set VoiceGuide to use TLS (any version, including 1.2), and we can provide instructions. It's a bit involved, but basically you are just adding entries to VG.INI file and then restarting the VoiceGuide service. And you will need to obtain your certificates first.

Note that once TLS is enabled it becomes harder to debug any SIP level connectivity problems - as raw WireShark captures have the encrypted data in them - and anyone looking at those encrypted SIP traces needs your PRIVATE key to decrypt them....

OK, that's very similar to what I have learned by a bit of research, and thanks a lot for the confirmation.

I will share your post with our team.

THANK YOU.

Twilio provides the cert cacert.pem. Would I just place this on the file system and point the vg.ini to it? Or must the cert be exported/converted into another format?

; -----------------------
; TLS
tls_enable=1
tls_port=5061
tls_version=1.2
ca_cert_filename=
local_rsa_private_key_filename=
local_rsa_private_key_password=
local_rsa_cert_filename=C:\Program Files (x86)\VoiceGuide\conf\cacert.pem
local_dss_private_key_filename=
local_dss_private_key_password=
local_dss_cert_filename=
; -----------------------

for example
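A check related to the question above, added here as an example and not taken from the thread or from VoiceGuide: it reports whether a file such as cacert.pem is PEM text or binary DER, and whether it holds only certificates or also a private key. The function name `inspect_pem` is hypothetical and the sample data is constructed placeholder bytes, not real certificates or keys.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def inspect_pem(data: bytes) -> dict:
    """Report the encoding of a certificate file and the blocks it holds."""
    result = {"format": "unknown", "certificates": 0, "private_keys": 0}
    if b"-----BEGIN" not in data:
        # No armor: a leading ASN.1 SEQUENCE tag (0x30) indicates binary DER.
        if data[:1] == b"\x30":
            result["format"] = "DER"
        return result
    for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
        # Legacy encrypted keys carry "Name: value" headers and a non-DER body.
        legacy_encrypted = "Proc-Type" in body
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        der = base64.b64decode(b64, validate=True)  # raises on corrupt base64
        if not legacy_encrypted and der[:1] != b"\x30":
            raise ValueError(f"{label} block does not contain DER data")
        result["format"] = "PEM"
        if label.endswith("PRIVATE KEY"):
            result["private_keys"] += 1
        elif label == "CERTIFICATE":
            result["certificates"] += 1
    return result

def armor(label: str) -> bytes:
    # Constructed placeholder: a 5-byte DER SEQUENCE, not a real certificate or key.
    body = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

SAMPLE_CA_BUNDLE = armor("CERTIFICATE") + armor("CERTIFICATE")
SAMPLE_CERT_AND_KEY = armor("CERTIFICATE") + armor("RSA PRIVATE KEY")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE_CA_BUNDLE))
    print(inspect_pem(SAMPLE_CERT_AND_KEY))
```

A CA bundle should report certificates only; a file that reports a private key needs restricted file permissions wherever it is stored.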
