[Freeswitch-users] ATA that supports TLS/SRTP w FS

Gabriel Kuri gkuri at ieee.org
Thu Dec 3 15:25:29 PST 2009 

The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the
Grandstream and Mediatrix devices (although I've never tried either
one with FreeSWITCH).

I've personally never had any good experience with the Grandstream
ATAs. The Mediatrix ATAs are OK devices, but I've never personally
tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
support it (so says their marketing material and docs).

I'd see if Cisco has any plans to add support for it to the ATAs. Next
time I see our Cisco SE, I'll try to poke him about it.

Gabe

On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
<mcampbellsmith at gmail.com> wrote:
> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange
> to appropriately support SRTP and FreeSWITCH
>
> I'll check with Cisco regarding their implementation then and try to
> find out when/if they will support standard SRTP encryption.
>
>
> So, back to my origianal question then.  Are there any ATA's that
> support TLS AND SRTP with FreeSwitch?
>
>
> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
>> exchange to appropriately support SRTP and FreeSWITCH. They do their
>> proprietary Sipura key exchange only, not sure if Cisco plans on
>> upgrading the firmware to ever support SDES on the ATAs. They added
>> support for SDES to their IP Phones about 1 year ago, but nothing has
>> happened with the ATAs as of yet.
>>
>> Gabe
>>
>>
>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
>> <mcampbellsmith at gmail.com> wrote:
>>> Hi All,
>>>
>>> I managed to borrow a SPA3102 with the latest firmware and have got it
>>> to register using TLS, but I am still struggling with SRTP.  Has
>>> anyone managed to get SRTP working with the Linksys devices and if so,
>>> can they direct me on how to do this.
>>>
>>> I have generated a mini-certificates and SRTP Private Key using the
>>> gen-mc tool found at
>>> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3.
>>>  However, when ever I initiate a call from the SPA, I can see that the
>>> call is not encrypted.
>>>
>>> Help appreciated.
>>>
>>> Thanks!
>>>
>>>
>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
>>>> Check out the Linksys SPA2102
>>>>
>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
>>>> <mcampbellsmith at gmail.com> wrote:
>>>>>
>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
>>>>> Grandstream HandyTone 503.  But, again according to the wiki, that
>>>>> doesn't seem to behave to well with TLS ...
>>>>>
>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net> wrote:
>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
>>>>> >> Does the SPA3102 support TLS or only SRTP?
>>>>> >
>>>>> > I don't know, but supporting only SRTP would be ridiculous, since the
>>>>> > keys
>>>>> > would then be transmitted in the clear and therefore amenable to
>>>>> > interception.
>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order to be
>>>>> > secure.
>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works entirely
>>>>> > in
>>>>> > RTP.
>>>>> >
>>>>> > I would be rather surprised were a hardware manufacturer to implement
>>>>> > SRTP
>>>>> > without TLS for the SIP traffic. On the other hand, we've seen often in
>>>>> > this
>>>>> > forum that some manufacturers are really clueless...
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > FreeSWITCH-users mailing list
>>>>> > FreeSWITCH-users at lists.freeswitch.org
>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> > http://www.freeswitch.org
>>>>> >
>>>>>
>>>>> _______________________________________________
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>
>>>>
>>>> _______________________________________________
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

More information about the FreeSWITCH-users mailing list