Dialogic 05-2239-009 IP Phone User Manual


 
Dialogic Corporation
4.24.2.3 Configuring TCP/TLS Persistence in IP_VIRTBOARD
Because TLS operates on top of TCP, the Global Call mechanism for configuring the persistence of
TCP connections also affects TLS connections. This configuration is accomplished via the
E_SIP_Persistence field in IP_VIRTBOARD as described in Section 4.1.2, “Configuring SIP
Transport Protocol”, on page 110 and Section 4.1.2.1, “Configuring TCP Transport”, on page 111.

The default persistence is ENUM_PERSISTENCE_TRANSACT_USER, which means that the
TLS client connection will be reused among calls, registrations, and other standalone transactions
if possible. Reusing the TLS client connection saves TLS connection time between the same
source and destination addresses and port numbers. Global Call terminates a TLS client connection
when nothing is using it, so the connection is kept alive only while something is using it.

If the application sets ENUM_PERSISTENCE_TRANSACT as the persistence, a TLS client
connection is terminated as soon as the SIP transaction is terminated. This means that multiple TLS
client connections may be required within the same SIP call. This persistence setting is therefore
not recommended for performance reasons.

When an outbound proxy is configured with a valid IP address, Global Call will try to
establish a persistent TCP or TLS client connection to the outbound proxy IP address during library
start-up. Note that an outbound proxy name cannot be used to resolve to an IP address in either
TCP or TLS during Global Call start-up. (This is a limitation only during start-up; at run
time, an outbound proxy name can be used to resolve to an IP address.) If TLS is configured as the
outbound proxy transport, the outbound proxy name must also be configured so that the certificate
identity can be verified during Global Call start-up; otherwise the persistent client connection
cannot be established.

If established, this persistent TCP or TLS client connection can then be reused by all
outgoing/incoming SIP messages to/from the proxy. This persistent TCP or TLS client connection
will be kept alive until Global Call closes, regardless of the E_SIP_Persistence setting in the
IP_VIRTBOARD structure.

4.24.2.4 Enabling TLS in IP_VIRTBOARD
The final step in the process of configuring and enabling TLS is to include the configured
SIP_TLS_ENGINE data structure in the sip_tls_engine field of IP_VIRTBOARD.

If this sip_tls_engine field references a SIP_TLS_ENGINE structure that is not properly
configured for either TLS server or TLS client operation, the library will fail to load when
gc_Start( ) is called. In this case the error will be reported as IPERR_INVALID_TLS_PARAM.

The library will also fail to load when gc_Start( ) is called if TLS is enabled but the TCP protocol
is not enabled via E_SIP_tcpenabled, because TLS operates on top of TCP. In this case, the reported
error will be IPERR_INVALID_TLS_WITHOUT_TCP.
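
The following pre-flight check is an added example, not code from this manual or from Dialogic. It models the rules of Sections 4.24.2.3 and 4.24.2.4 in plain C so that a configuration can be reviewed before gc_Start( ) is called. The struct is a stand-in for IP_VIRTBOARD, not the real definition; the proxy fields, the finding flags and preflight_check are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-in model for illustration; the real types come from the Global Call
 * headers. Proxy field names are hypothetical. */
enum persistence { PERSISTENCE_TRANSACT, PERSISTENCE_TRANSACT_USER };

struct virtboard_model {
    bool tcp_enabled;             /* models E_SIP_tcpenabled */
    enum persistence persistence; /* models E_SIP_Persistence */
    const void *sip_tls_engine;   /* non-NULL models TLS enabled */
    const char *proxy_ip;         /* outbound proxy IP address */
    const char *proxy_name;       /* outbound proxy name */
    bool proxy_uses_tls;          /* outbound proxy transport is TLS */
};

/* Bit flags, so that one pass reports every problem found. */
enum finding {
    F_TLS_WITHOUT_TCP     = 1 << 0, /* gc_Start fails: IPERR_INVALID_TLS_WITHOUT_TCP */
    F_PROXY_TLS_NO_NAME   = 1 << 1, /* certificate identity cannot be verified at start-up */
    F_PROXY_NO_IP         = 1 << 2, /* name is not resolved at start-up: no persistent link */
    F_PER_TRANSACTION_TLS = 1 << 3  /* TLS connection torn down after each SIP transaction */
};

static bool is_set(const char *s) { return s != NULL && s[0] != '\0'; }

unsigned preflight_check(const struct virtboard_model *vb)
{
    unsigned f = 0;
    bool tls = vb->sip_tls_engine != NULL;

    if (tls && !vb->tcp_enabled)
        f |= F_TLS_WITHOUT_TCP;
    if (is_set(vb->proxy_name) && !is_set(vb->proxy_ip))
        f |= F_PROXY_NO_IP;
    if (vb->proxy_uses_tls && is_set(vb->proxy_ip) && !is_set(vb->proxy_name))
        f |= F_PROXY_TLS_NO_NAME;
    if (tls && vb->persistence == PERSISTENCE_TRANSACT)
        f |= F_PER_TRANSACTION_TLS;
    return f;
}

int main(void)
{
    /* Constructed sample: TLS engine attached while TCP is left disabled. */
    struct virtboard_model vb = { .tcp_enabled = false,
        .persistence = PERSISTENCE_TRANSACT_USER, .sip_tls_engine = "engine" };
    return preflight_check(&vb) == F_TLS_WITHOUT_TCP ? 0 : 1;
}
```

The check cannot tell whether a SIP_TLS_ENGINE structure is properly configured, so IPERR_INVALID_TLS_PARAM still has to be handled when gc_Start( ) returns.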