SIP over TLS

1. Description

By default, most SIP devices use SIP over UDP as their main protocol, but some enterprise unified communication scenarios require SIP over TLS to encrypt communications. Cloud-miniSIPServer permits users to connect their SIP phones or SIP clients to their virtual servers with SIP over TLS.

network topology for SIP over TLS

At this time, miniSIPServer only permits local users (SIP phones) to be deployed with TLS. That means you cannot configure "SIP server" or "External lines" with SIP over TLS.

By default, miniSIPServer only uses TLSv1.2. SSLv2, SSLv3, TLSv1 and TLSv1.1 have been discarded. Please make sure that your SIP phones support TLSv1.2. In the future, we will enable TLSv1.3 and other safer methods.
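One way to check this version policy from the client side, as an added example that is not miniSIPServer's own code: it offers one TLS version at a time on the fixed port 6060 described in section 2 and compares the outcomes with the documented TLSv1.2-only behaviour. The function names and outcome labels are assumptions of this example.

```python
import socket
import ssl

SIP_TLS_PORT = 6060  # fixed cloud miniSIPServer port from section 2, not 5061
VERSIONS = {  # TLSv1 and TLSv1.1 are documented as discarded, TLSv1.2 as enabled
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, name, timeout=5.0):
    """Return 'accepted', 'accepted-untrusted-cert', 'rejected' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with pinned_context(VERSIONS[name]).wrap_socket(raw, server_hostname=host):
                return "accepted"
        except ssl.SSLCertVerificationError:
            return "accepted-untrusted-cert"  # version agreed, chain not trusted here
        except (ssl.SSLError, OSError):
            # Also returned when the local OpenSSL refuses to offer an old version,
            # so confirm a 'rejected' from a client known to support that version.
            return "rejected"

def policy_findings(results):
    """Compare probe outcomes with the documented TLSv1.2-only policy."""
    findings = []
    for name, outcome in results.items():
        accepted = outcome.startswith("accepted")
        if name == "TLSv1.2" and not accepted:
            findings.append(f"{name} should be accepted but was {outcome}")
        elif name != "TLSv1.2" and accepted:
            findings.append(f"{name} is documented as discarded but was {outcome}")
    return findings

def audit(host, port=SIP_TLS_PORT):
    """Probe every version against host:port and return (results, findings)."""
    results = {name: probe(host, port, name) for name in VERSIONS}
    return results, policy_findings(results)
```

Call audit() with your own virtual server address from a host that can reach it; an empty findings list means the observed behaviour matches the documentation.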

2. Configuration

You don't need to configure anything in your virtual server. By default, cloud miniSIPServer uses the fixed TCP port 6060 to accept SIP over TLS messages. Please refer to the following figure for this configuration.

virtual server system configuration

Because TCP port 6060 is not the default port for SIP over TLS, which the standard defines as 5061, you need to pay attention to it when you configure your SIP phones or SIP clients.

If your phone has a separate setting for the server port, set it to 6060. If it does not, you need to include the port in the server address. For example, if your virtual server is "1425.s1.minisipserver", you need to configure "" in the server address.

In addition, the transport MUST be set to "TLS".

Please refer to the following figure, which shows a simple configuration of microSIP.

SIP phone configuration

3. F.A.Q

Q1. Why don't you use the standard TLS port 5061?

Since our cloud system is deployed on the public network, it could be very dangerous to use the standard port. In our experience, lots of scanners and hackers scan the standard port on the public network. Fighting them could waste our resources, so using another port is a simpler and better choice.

Q2. Can I configure another TLS port?

No, you can't. At this time, we only open TCP port 6060 to accept SIP messages over TLS.