The TLS (Transport Layer Security) Support - Subscriber Access Feature can be used in different implementations and scenarios.
The following sections describe different implementation and usage scenarios.
In addition to TLS, Lotus Sametime Unified Telephony also supports TCP and UDP (User Datagram Protocol) as transport layer options for SIP signaling protocols. Therefore, SIP over TCP and SIP over UDP are viable alternatives to SIP over TLS.
When the SIP URI is used to place a call, one SIP endpoint can use TLS as the transport protocol while the other device uses a different signaling protocol, such as SIP-Q or MGCP (Media Gateway Control Protocol), with or without signaling security.
Lotus Sametime Unified Telephony supports TLS on the signaling connection between a SIP endpoint and the SIP signaling manager. Because TLS is applied on a hop-by-hop basis, end-to-end signaling security is achieved only when all hops of the signaling connection use TLS. End-to-end TLS security is not guaranteed if the call leaves the local administrative domain.
Note: An administrative domain is a collection of end systems, intermediate systems, and subnetworks operated by a single organization or administrative authority. In Lotus Sametime Unified Telephony, each business group represents a separate administrative domain.
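Because TLS is applied hop by hop, one way to audit a received SIP request is to read the transport token that each hop recorded in its Via header. The following check is an added example, not part of the product documentation; the sample message and its host names are constructed.

```python
import re

# Sent-protocol and sent-by of one Via value, e.g. "SIP/2.0/TLS host:5061;branch=..."
VIA_VALUE = re.compile(r"^\s*SIP\s*/\s*2\.0\s*/\s*([A-Za-z0-9-]+)\s+(\S+)", re.I)

# Constructed sample request (hypothetical hosts), as seen by the last receiver.
SAMPLE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS proxy2.example.com:5061;branch=z9hG4bKc3\r\n"
    "Via: SIP/2.0/UDP proxy1.example.com:5060;branch=z9hG4bKb2,\r\n"
    " SIP/2.0/TLS phone.example.com:5061;branch=z9hG4bKa1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def via_hops(message: str):
    """Return [(transport, sent_by), ...] for every Via value, topmost first."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    hops = []
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in ("via", "v"):  # "v" is the compact form
            continue
        for part in value.split(","):  # one header line may carry several hops
            m = VIA_VALUE.match(part)
            if m:
                hops.append((m.group(1).upper(), m.group(2).split(";")[0]))
    return hops

def non_tls_hops(message: str):
    """Hops whose Via transport is not TLS; empty means every recorded hop used TLS."""
    return [hop for hop in via_hops(message) if hop[0] != "TLS"]

if __name__ == "__main__":
    for transport, sent_by in via_hops(SAMPLE):
        print(f"{transport:4} {sent_by}")
    print("non-TLS hops:", non_tls_hops(SAMPLE))
```

The Via chain only covers SIP hops the request has already traversed. A leg that uses another signaling protocol, or hops outside the local administrative domain, is not visible to this check.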
Nearly all SIP endpoints used with Lotus Sametime Unified Telephony support TCP and TLS for SIP signaling transport. However, the optiPoint 150 S does not support TLS.
The transport protocol that is used is a configuration option of the SIP endpoint. Other SIP telephones used with Lotus Sametime Unified Telephony may only support a subset of this functionality.