TLS is used to provide signaling encryption and remote device authentication. SIP over TLS uses TCP as an underlying protocol and is usually configured on port 5061.
There are three modes of operation for a TLS connection that Apeiron suppors
Encryption Only: provides no certificate verification. Traffic will still be encrypted between the devices but without using certificates to verify each others identity.
Server Only: single ended authentication mode where only the server side of the TLS connection is validated using certificates. This is common for web browsers and SIP clients that need to verify that they are connecting to the proper server before logging in with their username and password, and are roaming and will not have an IP based certificate.
Mutual: involves a mutual authentication where both sides verify each others certificate prior to sending any encrypted traffic. This would be used on a peering connection to another network (or SIP Trunk) running Mutual Authentication TLS. Only the remote public key or root CA is needed for the Apeiron SBC.