[Evergreen-general] Encrypted SIP2

Rogan Hamby rhamby at equinoxinitiative.org
Tue Jan 5 09:45:47 EST 2021

I'll just note that I have setup several Envisionware instances to use
stunnel and encrypt the SIP2 communication back to Evergreen as Jason Boyer
describes with no issues.  It's transparent to the clients as you would

On Tue, Jan 5, 2021 at 9:42 AM Jason Boyer <jboyer at equinoxinitiative.org>

> Hi Wendell, there isn’t really anything that can be done to SIP2 to make
> it secure without making it not-SIP2. That said, what can be done is to
> transfer it over an encrypted channel. I know some Evergreen and Koha
> systems handle SIP2 this way and I suspect TLC is doing the same. This
> tunneling can be done with stunnel (an openssl TLS tunnel) or ssh port
> redirection and most vendors are capable of dealing with one or the other.
> There’s nothing special needed in Evergreen to handle this; you just need
> to setup SIPServer to listen to a local IP rather than a public one and
> coordinate with the vendor what type of tunnel to use. I realize this is
> pretty non-specific but if you have any questions I or someone else on the
> list should be able to help out.
> Jason
> --
> Jason Boyer
> Senior System Administrator
> Equinox Open Library Initiative
> phone:  +1 (877) Open-ILS (673-6457)
> email:  JBoyer at EquinoxInitiative.org <JBoyer at EquinoxInitiative.org>
> web:  https://EquinoxInitiative.org/
> On Jan 5, 2021, at 9:05 AM, Gragg, Wendell E <WGragg at bryantx.gov> wrote:
> Hi all.  I haven’t posted in a while, but we are still in the process of
> evaluating ILS systems and our city IT department is balking at one thing,
> SIP2 being plain text.  Apparently, one vendor, TLC claims they have an
> encryption solution for SIP2, but I question whether it actually works or
> not, and TLC is another proprietary system, which we are trying to avoid.
> I have been trying to research SIP2 a bit more and am not finding a lot of
> information about security issues with it.  I’m also trying to find out if
> anyone in the Evergreen community has worked with encrypting SIP2 messages,
> at least sensitive information like passwords and user barcodes.
> Is this even possible in Evergreen and has it caused any problems with
> outside vendors like OCLC or Envisionware?
> I would like to find this out because I fear that our city IT is going to
> force us into an ILS we really don’t want.
> Thanks,
> Wendell
> Wendell Gragg, MSIS
> Automation Services Supervisor
> Bryan+College Station Public Library System
> Bryan, TX
> 979-209-5613
> _______________________________________________
> Evergreen-general mailing list
> Evergreen-general at list.evergreen-ils.org
> http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general
> _______________________________________________
> Evergreen-general mailing list
> Evergreen-general at list.evergreen-ils.org
> http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.evergreen-ils.org/pipermail/evergreen-general/attachments/20210105/b9e25cda/attachment.html>

More information about the Evergreen-general mailing list