TLS Transport Layer Security
Instruction Manual
Securing Algo IP Endpoints:
TLS and Mutual Authentication
Need Help?
604-454-3792 or support@maonero.ru
Introduction to TLS
TLS (Transport Layer Security) is a cryptographic protocol that provides authentication, privacy, and end-to-end security of data sent between applications or devices over the Internet. As hosted telephony platforms have become more common, the need for TLS to provide secure communication over the public internet has increased. Algo devices that support firmware 1.6.4 or later support Transport Layer Security (TLS) for both Provisioning and SIP Signaling.
Note: the following endpoints do not support TLS: 8180 IP Audio Alerter (G1), 8028 IP Doorphone (G1), 8128 IP Visual Alerter (G1), 8061 IP Relay Controller.
Encryption vs Identity Verification
While TLS traffic is always encrypted and safe from third-party eavesdropping or modification, an additional layer of security can be provided by using Certificates to verify the identity of the other party. This allows the Server to verify the identity of the IP Endpoint device, and vice versa.
To perform the identity check, the Certificate file must be signed by a Certificate Authority (CA). The other device then checks this signature, using the Public (Trusted) Certificate from this CA.
TLS Certificates
Algo IP Endpoints come pre-installed with a set of public certificates from trusted third-party Certificate Authorities (CAs), including Comodo, Verisign, Symantec, DigiCert, etc. The Certificate Authorities provide signed certificates to businesses to allow these businesses to prove that their servers or websites are in fact who they say they are. Algo devices can confirm that they are communicating with an authentic server by verifying the server's signed certificates against the public certificates from the CA that signed them. Additional public certificates can also be uploaded, allowing the Algo device to trust and verify additional servers that may not be covered by the pre-installed certificates (for example, self-signed certificates).
Mutual Authentication
Mutual Authentication adds an additional layer of security by requiring that the server also validate and trust the endpoint device, in addition to the opposite direction of the endpoint validating the server. This is implemented using a unique Device Certificate, installed on each Algo SIP Endpoint at the time of manufacture. As the IP address of an Algo device is not fixed (it is determined by the customer's network), Algo cannot publish this information in advance with the trusted CAs, and instead, these Device Certificates must be signed by Algo's own CA.
For the server to then trust the Algo device, the system administrator will need to install the public Algo CA certificate chain onto their server (for example the SIP Phone System or their provisioning server) so that this server can verify that the Device Certificate on the Algo device is in fact authentic.
Note: Algo IP endpoints manufactured in 2019 (starting with firmware 1.7.1) or later have the device certificate installed from the factory.
To verify whether the certificate is installed, navigate to the System -> About tab. See the Manufacturer Certificate. If the certificate is not installed, please email support@maonero.ru.
Cipher Suites
Cipher suites are sets of algorithms used during a TLS session. Each suite includes algorithms for authentication, encryption, and message authentication. Algo devices support many commonly used encryption algorithms such as AES256 and message authentication code algorithms such as SHA-2.
Algo Device Certificates
Device Certificates signed by the Algo Root CA have been factory installed on Algo devices since 2019, starting with firmware 1.7.1. The certificate is generated when the device is manufactured, with the common name field in the certificate containing the MAC address of each device.
The device certificate is valid for 30 years and resides in a separate partition, so it will not be erased even after factory resetting the Algo endpoint.
Algo devices also support uploading your own device certificate to use instead of the factory-installed device certificate. This can be installed by uploading a PEM file containing both a device certificate and a private key to the 'certs' directory (not the 'certs/trusted' directory!) in the System -> File Manager tab. This file needs to be called 'sip client.pem'.
Uploading Public CA Certificates to Algo SIP Endpoints
If you are on firmware lower than 3.1.X, please upgrade the device.
To install a certificate on an Algo device running firmware v3.1 & above, follow the steps below:
- Obtain a public certificate from your Certificate Authority (any valid X.509 format certificate can be accepted). There is no specific format required for the filename.
- In the web interface of the Algo device, navigate to the System -> File Manager tab.
- Upload the certificate files into the 'certs/trusted' directory. Click the Upload button in the top left corner of the file manager and browse to the certificate.
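A pre-upload check for the two upload targets described above ('certs' for a device certificate plus private key, 'certs/trusted' for public CA certificates), as an added Python example that is not part of the Algo guide. It assumes PEM input; the function names and the sample PEM bodies are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_labels(text):
    """Labels of every well-formed PEM block in file order (raises on bad Base64)."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        base64.b64decode("".join(body.split()), validate=True)
        labels.append(label)
    return labels

def check_upload(text, directory):
    """Problems with a PEM file bound for 'certs' or 'certs/trusted' ([] = OK)."""
    labels = pem_labels(text)
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for label in labels if label.endswith("PRIVATE KEY"))
    problems = []
    if directory == "certs/trusted":
        # Trust anchors are public material; a key here is a leaked secret.
        if keys:
            problems.append("private key found in a file bound for certs/trusted")
        if certs == 0:
            problems.append("no CA certificate found")
    elif directory == "certs":
        # A device identity needs the certificate and its key in the same file.
        if certs == 0:
            problems.append("device certificate missing")
        if keys != 1:
            problems.append("expected exactly one private key, found %d" % keys)
    else:
        raise ValueError("unknown target directory: %r" % directory)
    return problems

def _pem(label, payload):
    # Constructed placeholder body: valid Base64, not a real certificate or key.
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

CA_ONLY = _pem("CERTIFICATE", b"constructed CA certificate bytes")
DEVICE_BUNDLE = (_pem("CERTIFICATE", b"constructed device certificate bytes")
                 + _pem("PRIVATE KEY", b"constructed private key bytes"))

if __name__ == "__main__":
    for name, text, target in [("CA_ONLY", CA_ONLY, "certs/trusted"),
                               ("DEVICE_BUNDLE", DEVICE_BUNDLE, "certs"),
                               ("DEVICE_BUNDLE", DEVICE_BUNDLE, "certs/trusted")]:
        print(name, "->", target, check_upload(text, target) or "OK")
```

The check is structural only: it does not parse the X.509 contents or confirm that the private key matches the certificate.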
Web Interface Options
HTTPS Provisioning
Provisioning can be secured by setting the 'Download Method' to 'HTTPS' (under the Advanced Settings > Provisioning tab). This prevents configuration files from being read by an unwanted third party. This resolves the potential risk of having sensitive data stolen, such as admin passwords and SIP credentials.
To perform identity verification on the Provisioning Server, also set 'Validate Server Certificate' to 'Enabled'. If the provisioning server's Certificate is signed by one of the common commercial CAs, then the Algo device should already have the public certificate for this CA and be able to perform the verification.
Upload additional certificates (Base64 encoded X.509 certificate file in .pem, .cer, or .crt format) by navigating to "System > File Manager" and opening the 'certs/trusted' folder.
NOTE: The 'Validate Server Certificate' parameter can also be enabled through provisioning: prov.download.cert = 1
HTTPS Web Interface Protocol
The procedure for uploading a public certificate for HTTPS web browsing is similar to that described in the section above. The httpd.pem file is a device certificate that is requested by your computer's browser when you navigate to the device's IP. Uploading a custom one may allow you to get rid of the warning message when you access the WebUI using HTTPS. It is not a public CA certificate. The certificate must be uploaded to 'certs'.
SIP Signaling (and RTP Audio)
SIP signaling is secured by setting 'SIP Transportation' to 'TLS' (under the Advanced Settings > Advanced SIP tab).
- It ensures that the SIP traffic will be encrypted.
- The SIP signaling is responsible for establishing the call (the control signals to start and end the call with the other party), but it does not contain the audio.
- For the audio (voice) path, use the setting 'SDP SRTP Offer'.
- Setting this to 'Optional' means the SIP call's RTP audio data will be encrypted (using SRTP) if the other party also supports audio encryption.
- If the other party does not support SRTP, then the call will still proceed, but with unencrypted audio. To make audio encryption mandatory for all calls, set 'SDP SRTP Offer' to 'Standard'. In this case, if the other party does not support audio encryption, then the call attempt will be rejected.
- To perform identity verification on the SIP Server, also set 'Validate Server Certificate' to 'Enabled'.
- If the SIP server's Certificate is signed by one of the common commercial CAs, then the Algo device should already have the public certificate for this CA and be able to perform the verification. If not (for example with self-signed certificates), then the appropriate public certificate can be uploaded to the Algo device as described earlier in this document.
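The 'Optional' versus 'Standard' behaviour described above can be audited from the SDP answers recorded in a SIP server's logs. The following is an added Python example, not Algo code, that models that rule. It assumes SRTP keys are exchanged with SDES (`a=crypto` lines) on an `RTP/SAVP` media line, which the guide does not state; the SDP bodies are constructed samples.

```python
def audio_streams(sdp):
    """Return [{'profile': str, 'crypto': bool}] for each active m=audio section."""
    streams, current = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            current = None
            # m=<media> <port> <proto> <fmt...>; port 0 means the stream was declined
            if len(fields) >= 3 and fields[0] == "audio" and fields[1] != "0":
                current = {"profile": fields[2], "crypto": False}
                streams.append(current)
        elif current is not None and line.startswith("a=crypto:"):
            current["crypto"] = True
    return streams

def call_outcome(answer_sdp, srtp_offer):
    """Apply the guide's rule for 'SDP SRTP Offer' set to 'Optional' or 'Standard'."""
    if srtp_offer not in ("Optional", "Standard"):
        raise ValueError("srtp_offer must be 'Optional' or 'Standard'")
    streams = audio_streams(answer_sdp)
    # Assumption: a protected stream uses an SAVP profile and carries an SDES key.
    secured = bool(streams) and all(
        "SAVP" in s["profile"] and s["crypto"] for s in streams)
    if secured:
        return "encrypted"
    return "rejected" if srtp_offer == "Standard" else "unencrypted"

# Constructed SDP answers (documentation address range, placeholder key material).
ANSWER_SRTP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYPLACEHOLDER
"""
ANSWER_PLAIN = ANSWER_SRTP.replace("RTP/SAVP", "RTP/AVP").split("a=crypto")[0]

if __name__ == "__main__":
    for name, sdp in [("SRTP answer", ANSWER_SRTP), ("plain answer", ANSWER_PLAIN)]:
        for mode in ("Optional", "Standard"):
            print(name, mode, "->", call_outcome(sdp, mode))
```

An 'unencrypted' result under 'Optional' is the case to look for in an audit: signaling was protected by TLS but the audio was not.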
TLS Version 1.2
Algo devices running firmware v3.1 & above support TLS v1.1 and v1.2. The 'Force Secure TLS Version' option can be used to require TLS connections to use TLSv1.2. To enable this feature:
- Go to Advanced Settings > Advanced SIP
- Set 'Force Secure TLS Version' to enabled and save.
NOTE: This option has been removed in v4.0+ as TLS v1.2 is used by default
Algo Certificates Download
Below is a set of links to download the Algo CA certificate chain. The files can be installed on the SIP Server or Provisioning Server so that these servers can authenticate the Device Certificates on Algo SIP Endpoints, and thus allow Mutual Authentication:
Algo Root CA: http://firmware.algosolutions.com/pub/certs/algo_issuing.crt
Algo Intermediate CA: http://firmware.algosolutions.com/pub/certs/algo_intermediate.crt
Algo Public Certificate: http://firmware.algosolutions.com/pub/certs/algo_ca.crt
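One way a server could enforce the mutual authentication described in this guide, shown as an added Python example that is not Algo's or any SIP platform's own code. The CA bundle path, the inventory list and the assumption that the device MAC appears as 12 hex digits inside the certificate's common name are illustrative; the sample certificate dictionary is constructed.

```python
import ssl

def mutual_auth_context(ca_file=None, server_cert=None, server_key=None):
    """TLS server context that rejects clients without a certificate chaining
    to ca_file (for example a bundle built from the Algo CA downloads)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # server-side match for TLS v1.2 only
    ctx.verify_mode = ssl.CERT_REQUIRED            # no client certificate, no handshake
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)
    return ctx

def _norm(value):
    """Lower-case and drop the separators commonly written inside a MAC."""
    return value.lower().replace(":", "").replace("-", "").replace(".", "")

def device_mac_allowed(peercert, inventory):
    """peercert is the dict from SSLSocket.getpeercert() after the handshake.
    True only if a common name contains a MAC address listed in inventory."""
    common_names = [value for rdn in peercert.get("subject", ())
                    for key, value in rdn if key == "commonName"]
    macs = {_norm(mac) for mac in inventory}
    return any(mac in _norm(cn)
               for cn in common_names for mac in macs if len(mac) == 12)

# Constructed sample: locally administered MAC, not a real device.
SAMPLE_PEERCERT = {"subject": ((("organizationName", "Constructed Example"),),
                               (("commonName", "0200000A0B0C"),))}
SAMPLE_INVENTORY = ["02:00:00:0a:0b:0c"]

if __name__ == "__main__":
    ctx = mutual_auth_context()   # pass ca_file=... and the server's own cert in real use
    print(ctx.verify_mode.name, ctx.minimum_version.name)
    print("known device:", device_mac_allowed(SAMPLE_PEERCERT, SAMPLE_INVENTORY))
```

Chain validation proves the certificate was issued by the CA; the inventory check adds that the device is one this site actually deployed.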
Troubleshooting
If the TLS handshake is not completing, please send a packet capture to Algo support for analysis. To do that you will have to mirror the traffic from the port the Algo endpoint is connected to on the network switch back to a computer.
Algo Communication Products Ltd.
4500 Beedie St Burnaby BC Canada V5J 5L2
www.dzidziso.com