diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update
index ade22984f2..cfded9d9e2 100644
--- a/libs/sofia-sip/.update
+++ b/libs/sofia-sip/.update
@@ -1 +1 @@
-Thu May 3 16:30:20 CDT 2012
+Sat Jun 9 03:24:47 UTC 2012
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h b/libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h
index 6745cff1af..3abbbcbac4 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h
@@ -198,6 +198,12 @@ enum tport_tls_verify_policy {
 TPTLS_VERIFY_SUBJECTS_ALL = 0xF,
 };

+TPORT_DLL extern tag_typedef_t tptag_tls_timeout;
+#define TPTAG_TLS_TIMEOUT(x) tptag_tls_timeout, tag_uint_v((x))
+
+TPORT_DLL extern tag_typedef_t tptag_tls_timeout_ref;
+#define TPTAG_TLS_TIMEOUT_REF(x) tptag_tls_timeout_ref, tag_uint_vr(&(x))
+
 TPORT_DLL extern tag_typedef_t tptag_tls_passphrase;
 #define TPTAG_TLS_PASSPHRASE(x) tptag_tls_passphrase, tag_str_v(x)

diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c
index c10958a41f..495eaaf997 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c
@@ -280,6 +280,19 @@ tag_typedef_t tptag_compartment = PTRTAG_TYPEDEF(compartment);
 */
 tag_typedef_t tptag_tls_version = UINTTAG_TYPEDEF(tls_version);

+/**@def TPTAG_TLS_TIMEOUT(x)
+ *
+ * Sets the maximum TLS session lifetime in seconds.
+ *
+ * The default value is 300 seconds.
+ *
+ * Use with tport_tbind(), nua_create(), nta_agent_create(),
+ * nta_agent_add_tport(), nth_engine_create(), or initial nth_site_create().
+ *
+ * @NEW_UNRELEASED.
+ */
+tag_typedef_t tptag_tls_timeout = UINTTAG_TYPEDEF(tls_timeout);
+
 /**@def TPTAG_TLS_VERIFY_PEER(x)
 * @par Depreciated:
 * Alias for TPTAG_TLS_VERIFY_POLICY(TPTLS_VERIFY_IN|TPTLS_VERIFY_OUT)
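Review bot: The new doc comment for `TPTAG_TLS_TIMEOUT` in tport_tag.c says "maximum TLS session lifetime", which an operator can easily read as the lifetime of the TLS connection itself. Judging from the only consumer visible in this commit (`SSL_CTX_set_timeout()` in tport_tls.c), the value bounds how long a negotiated session may be reused for resumption, so I would word it as `* Sets how long, in seconds, a negotiated TLS session may be reused for resumption.` The comment should also state the accepted range and what a value of 0 means, since a longer window keeps cached session secrets usable for longer and that trade-off is the reason someone would tune this tag.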
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
index 2fffbde110..2facb30d0d 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -311,6 +311,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
 return -1;
 }

+ SSL_CTX_set_timeout(tls->ctx, ti->timeout);
+
 /* Set callback if we have a passphrase */
 if (ti->passphrase != NULL) {
 SSL_CTX_set_default_passwd_cb(tls->ctx, passwd_cb);
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
index dbf6517196..702dcc9040 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
@@ -65,6 +65,7 @@ typedef struct tls_issues_s {
 */
 int version; /* For tls1, version is 1. When ssl3/ssl2 is
 * used, it is 0. */
+ unsigned timeout; /* Maximum session lifetime in seconds */
 } tls_issues_t;

 typedef struct tport_tls_s {
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
index 24f5d1b0fb..cd2ac9a9b6 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
@@ -181,6 +181,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
 char *tbf = NULL;
 char const *path = NULL;
 unsigned tls_version = 1;
+ unsigned tls_timeout = 300;
 unsigned tls_verify = 0;
 char const *passphrase = NULL;
 unsigned tls_policy = TPTLS_VERIFY_NONE;
@@ -198,6 +199,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
 tl_gets(tags,
 TPTAG_CERTIFICATE_REF(path),
 TPTAG_TLS_VERSION_REF(tls_version),
+ TPTAG_TLS_TIMEOUT_REF(tls_timeout),
 TPTAG_TLS_VERIFY_PEER_REF(tls_verify),
 TPTAG_TLS_PASSPHRASE_REF(passphrase),
 TPTAG_TLS_VERIFY_POLICY_REF(tls_policy),
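Review bot: In tport_tls.c, `ti->timeout` reaches `SSL_CTX_set_timeout()` with no range check, and the value is an `unsigned` taken straight from the `TPTAG_TLS_TIMEOUT` tag (read and copied in `tport_tls_init_master()`, tport_type_tls.c hunks at -198 and -224). The OpenSSL parameter is a `long`, so where `long` is 32 bits a large configured value converts to a negative number. On any platform an oversized value keeps cached sessions resumable far longer than intended. I would clamp before the call, `long t = ti->timeout > limit ? limit : (long)ti->timeout;` followed by `SSL_CTX_set_timeout(tls->ctx, t);`, where `limit` stands for an upper bound the project still has to choose. It is also worth confirming that every other producer of `tls_issues_t` sets the new field, because a zero-initialised struct would pass 0 here; the rest of `tls_init_context()` lies outside the hunk.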
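Review bot: The default in `unsigned tls_timeout = 300;` (tport_type_tls.c, hunk at -181) is a bare literal that has to be kept in step by hand with the "default value is 300 seconds" sentence added in tport_tag.c. A named constant declared beside the tag in tport_tag.h and used for this initialiser would stop the code and the documentation from drifting apart. At minimum I would add a comment such as `/* seconds; must match the TPTAG_TLS_TIMEOUT documentation */` on the declaration. The declaration block belongs to `tport_tls_init_master()`, which starts and ends outside the hunk.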
@@ -224,6 +226,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
 ti.cert = ti.key;
 ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
 ti.version = tls_version;
+ ti.timeout = tls_timeout;
 ti.CApath = su_strdup(autohome, path);

 SU_DEBUG_9(("%s(%p): tls key = %s\n", __func__, (void *)pri, ti.key));
diff --git a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
index 2e66602f1b..39c53d56d4 100644
--- a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
+++ b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
@@ -242,6 +242,8 @@ + +