

Transport Protocols and RTC (Windows Embedded CE 6.0)

1/6/2010

When an application creates a session, it can specify the provisioning profile to use for the session. Provisioning profiles are explained in more detail in Provisioning and XML Profiles.

The <sipsrv> tag in the profile contains a protocol attribute that can be set to UDP, TCP, or TLS (Transport Layer Security). If the transport specified is TLS, the signaling channel to the server is secured using the TLS protocol.

TLS is a security protocol that sits on top of TCP.

TLS uses an encryption key generated by the TLS handshake protocol to encrypt the messages. This encryption key is negotiated between the client and the server and shared between them.

Separate encryption keys are negotiated for each signaling connection along the route. The client authenticates the server using the TLS handshake protocol before the signaling connection is established.

The RTC Client API establishes encrypted signaling connections to the server using TLS. However, if the remote client has not specified TLS, the signaling connection from the remote client might not be encrypted. Likewise, the last leg of the signaling connection to the remote client from their server may not be encrypted.

In general, if a server along the route the packet takes to the remote client does not support TLS encryption, packets traveling over the segments associated with this server are not encrypted and the contents of the packet are visible to eavesdroppers on the network.

The RTC Client API also supports peer-to-peer connections. Generally, peer-to-peer connections are not encrypted because the RTC Client API does not accept incoming TLS signaling connections.

Note

Someone who replaces a SIP server can intercept information while forwarding the SIP requests to other servers. Client applications should therefore ensure that the server is authenticated. For the application to authenticate the server, the Kerberos authentication method should be enabled and the TLS transport type must be specified in the profile.
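The following check is an added example, not code from the original page or from the RTC Client API: it audits a provisioning profile and reports every `<sipsrv>` entry that does not combine TLS transport with Kerberos authentication, as the Note requires. Only `<sipsrv>` and its `protocol` attribute are named on this page; the `auth` and `addr` attributes, the `<provision>` wrapper, and the sample host names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile. Only <sipsrv> and its protocol attribute come
# from the page; every other element and attribute here, including auth,
# is an assumption made for this example.
SAMPLE_PROFILE = """\
<provision key="constructed-key" name="Constructed example">
  <sipsrv addr="sip1.example.com" protocol="TLS" auth="kerberos"/>
  <sipsrv addr="sip2.example.com:5060" protocol="udp" auth="digest"/>
  <sipsrv addr="sip3.example.com" protocol="TLS"/>
</provision>
"""

# What the Note asks for: TLS transport plus Kerberos authentication.
REQUIRED = {"protocol": "tls", "auth": "kerberos"}


def audit_profile(xml_text):
    """Return (addr, attribute, actual_value) for each <sipsrv> setting that
    falls short of REQUIRED. A missing attribute is reported as ''."""
    root = ET.fromstring(xml_text)
    servers = list(root.iter("sipsrv"))
    if not servers:
        return [("<profile>", "sipsrv", "")]
    findings = []
    for srv in servers:
        addr = srv.get("addr", "<no addr>")
        for attr, wanted in REQUIRED.items():
            actual = (srv.get(attr) or "").strip()
            # Compare case-insensitively; report the value as written.
            if actual.lower() != wanted:
                findings.append((addr, attr, actual))
    return findings


if __name__ == "__main__":
    for addr, attr, actual in audit_profile(SAMPLE_PROFILE):
        print(f"{addr}: {attr}={actual or '(not set)'}; "
              f"the Note calls for {attr}={REQUIRED[attr]}")
```

A profile that passes this check secures only the first signaling hop; as described above, later segments of the route and peer-to-peer connections may still be unencrypted.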

See Also

Concepts

RTC Authentication