The Brooktrout Fax Products SDK 6.8 is the latest Brooktrout development kit providing feature rich capabilities to our partners. We’ve added some new features that will be quite useful, and I will discuss a couple of them on what they do and why they can help you.
The first new feature in SDK 6.8 is SIP over TLS.
What is it?
TLS stands for Transport Layer Security. It is a way of encrypting IP messages between two endpoints to provide privacy. With SIP over TLS enabled, the SR140 software encodes SIP messages so that other parties cannot read them and snoop in on the conversation. The SIP messages would not be readable by Wireshark or other packet capturing tools.
There are different versions of TLS. We’ve implemented the most recent version - version 1.2 The SR140 software also has a setting to use version 1.0 in case you are communicating with an older TLS device. Note though that version 1.0 is not generally considered to be secure so we would recommend using version 1.2.
How does it work?
TLS works by a means of coding with public and private keys. A public key is one that you give out to everyone and tell them to use it to encode data that they send to you. A private key is something that you keep yourself and only you have it. So other devices encode data with your public key and once they do that they send the encoded data to you. Your private key allows only you to decrypt the data. Since no one else has access to your private key, only you can read the SIP messages sent to you.
What do I need to use it?
First, you’re going to need a security license for the SR140. We’ve introduced a new add-on security license to use SIP over TLS. You activate the security license like you activate a normal license, and you would use it in conjunction with your existing SR140 license. It’s important to note that your security license needs to have at least as many channels to it as the normal SR140 channels you have configured. That is, if you have 24 SR140 channels right now, then to use SIP over TLS, you would need a security license that has at least 24 channels. If your security license were only for 20 channels, then you would not be able to use SIP over TLS.
Next, you’re going to need your keys. These would come from either an entity known as a certificate authority or you could create them yourself. The certificate authority method is the most common since when done that way, there is no doubt that your public key came from you. The certificate authority is recognized as a trusted source for key creation. Creating them yourself is referred to typically as self-signing and is fine for testing but not recommended for use in the field.
More information on SIP over TLS can be found in the Dialogic Brooktrout Bfv APIs Reference Manual, Volume 6, Appendix I.