diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-01 18:16:24 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-01 18:16:24 +0000 |
commit | 6c9711840582fdc944e169560440cc2a51575914 (patch) | |
tree | 517386774bf6b37ad8eae1fa5f485c379d1f8e34 /configs/iax.conf.sample | |
parent | c60aab53f2e66b27926d1b3dfaf1559c0da4a507 (diff) |
Merge changes from team/bbryant/keyrotation
This set of changes enhances IAX2 encryption support by adding key rotation
to provide enhanced security. The key used for encryption is rotated right
after the call gets set up, and then again every few minutes. This was
discussed at the last AstriDevCon. For interoperability with older versions
of Asterisk, there is an option that disables key rotation.
(closes issue #13018)
Reported by: bbryant
Patches:
07072008__iax2_key_rotation.diff uploaded by bbryant (license 36)
Tested by: russell, bbryant
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@135158 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'configs/iax.conf.sample')
-rw-r--r-- | configs/iax.conf.sample | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/configs/iax.conf.sample b/configs/iax.conf.sample index bbdfdca89..dc3c46568 100644 --- a/configs/iax.conf.sample +++ b/configs/iax.conf.sample @@ -172,6 +172,15 @@ forcejitterbuffer=no ; ; trunkmtu = 0 ; +; Enable IAX2 encryption. The default is no. +; +; encryption = yes +; +; This is a compatibility option for older versions of IAX2 that do not support +; key rotation with encryption. This option will disable the IAX_COMMAND_RTENC message. +; default is on +; +; keyrotate=off ; This option defines the maximum size an IAX2 trunk can grow to. The default value is 128000 bytes which ; represents 40ms uncompressed linear with 200 channels. Depending on different things though @@ -385,6 +394,12 @@ inkeys=freeworlddialup ;accountcode=markster0101 ;permit=209.16.236.73/255.255.255.0 ;language=en ; Use english as default language +;encryption=yes ; Enable IAX2 encryption. The default is no. +;keyrotate=off ; This is a compatibility option for older versions of +; ; IAX2 that do not support key rotation with encryption. +; ; This option will disable the IAX_COMMAND_RTENC message. +; ; default is on. +; ; ; ; Peers may also be specified, with a secret and ; a remote hostname. @@ -407,8 +422,13 @@ host=216.207.245.47 ;qualifyfreqnotok = 10000 ; how frequently to ping the peer when it's ; either LAGGED or UNAVAILABLE, in milliseconds ;jitterbuffer=no ; Turn off jitter buffer for this peer - ; +;encryption=yes ; Enable IAX2 encryption. The default is no. +;keyrotate=off ; This is a compatibility option for older versions of +; ; IAX2 that do not support key rotation with encryption. +; ; This option will disable the IAX_COMMAND_RTENC message. +; ; default is on. +; ; ; Peers can remotely register as well, so that they can be mobile. Default ; IP's can also optionally be given but are not required. Caller*ID can be ; suggested to the other side as well if it is for example a phone instead of |