[Freeswitch-users] ATA that supports TLS/SRTP w FS

Yehavi Bourvine yehavi.bourvine at gmail.com
Thu Dec 3 20:38:21 PST 2009


Hello,

  I have AudioCodes MP and Vega ATA adapters. They both support SRTP; they
should support TLS also (will try it next week; up to now I preffered to not
use TLS so I can sniff the traffic and debug things).

                 Regards, __Yehavi:

2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>

> Cheers Gabriel.. thanks for the information.
>
> I'll look at the Mediatrix ATA's as an alternative - has anyone had
> experience with those and TLS/SRTP?
>
>
> On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
> > The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the
> > Grandstream and Mediatrix devices (although I've never tried either
> > one with FreeSWITCH).
> >
> > I've personally never had any good experience with the Grandstream
> > ATAs. The Mediatrix ATAs are OK devices, but I've never personally
> > tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
> > support it (so says their marketing material and docs).
> >
> > I'd see if Cisco has any plans to add support for it to the ATAs. Next
> > time I see our Cisco SE, I'll try to poke him about it.
> >
> > Gabe
> >
> > On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
> > <mcampbellsmith at gmail.com> wrote:
> >> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange
> >> to appropriately support SRTP and FreeSWITCH
> >>
> >> I'll check with Cisco regarding their implementation then and try to
> >> find out when/if they will support standard SRTP encryption.
> >>
> >>
> >> So, back to my origianal question then.  Are there any ATA's that
> >> support TLS AND SRTP with FreeSwitch?
> >>
> >>
> >> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
> >>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
> >>> exchange to appropriately support SRTP and FreeSWITCH. They do their
> >>> proprietary Sipura key exchange only, not sure if Cisco plans on
> >>> upgrading the firmware to ever support SDES on the ATAs. They added
> >>> support for SDES to their IP Phones about 1 year ago, but nothing has
> >>> happened with the ATAs as of yet.
> >>>
> >>> Gabe
> >>>
> >>>
> >>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
> >>> <mcampbellsmith at gmail.com> wrote:
> >>>> Hi All,
> >>>>
> >>>> I managed to borrow a SPA3102 with the latest firmware and have got it
> >>>> to register using TLS, but I am still struggling with SRTP.  Has
> >>>> anyone managed to get SRTP working with the Linksys devices and if so,
> >>>> can they direct me on how to do this.
> >>>>
> >>>> I have generated a mini-certificates and SRTP Private Key using the
> >>>> gen-mc tool found at
> >>>>
> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3
> .
> >>>>  However, when ever I initiate a call from the SPA, I can see that the
> >>>> call is not encrypted.
> >>>>
> >>>> Help appreciated.
> >>>>
> >>>> Thanks!
> >>>>
> >>>>
> >>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
> >>>>> Check out the Linksys SPA2102
> >>>>>
> >>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
> >>>>> <mcampbellsmith at gmail.com> wrote:
> >>>>>>
> >>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
> >>>>>> Grandstream HandyTone 503.  But, again according to the wiki, that
> >>>>>> doesn't seem to behave to well with TLS ...
> >>>>>>
> >>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net>
> wrote:
> >>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
> >>>>>> >> Does the SPA3102 support TLS or only SRTP?
> >>>>>> >
> >>>>>> > I don't know, but supporting only SRTP would be ridiculous, since
> the
> >>>>>> > keys
> >>>>>> > would then be transmitted in the clear and therefore amenable to
> >>>>>> > interception.
> >>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order to
> be
> >>>>>> > secure.
> >>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works
> entirely
> >>>>>> > in
> >>>>>> > RTP.
> >>>>>> >
> >>>>>> > I would be rather surprised were a hardware manufacturer to
> implement
> >>>>>> > SRTP
> >>>>>> > without TLS for the SIP traffic. On the other hand, we've seen
> often in
> >>>>>> > this
> >>>>>> > forum that some manufacturers are really clueless...
> >>>>>> >
> >>>>>> >
> >>>>>> > _______________________________________________
> >>>>>> > FreeSWITCH-users mailing list
> >>>>>> > FreeSWITCH-users at lists.freeswitch.org
> >>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>>> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>>> > http://www.freeswitch.org
> >>>>>> >
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> FreeSWITCH-users mailing list
> >>>>>> FreeSWITCH-users at lists.freeswitch.org
> >>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>>> http://www.freeswitch.org
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> FreeSWITCH-users mailing list
> >>>>> FreeSWITCH-users at lists.freeswitch.org
> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>> http://www.freeswitch.org
> >>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> FreeSWITCH-users mailing list
> >>>> FreeSWITCH-users at lists.freeswitch.org
> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> http://www.freeswitch.org
> >>>>
> >>>
> >>> _______________________________________________
> >>> FreeSWITCH-users mailing list
> >>> FreeSWITCH-users at lists.freeswitch.org
> >>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>> http://www.freeswitch.org
> >>>
> >>
> >> _______________________________________________
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >>
> >
> > _______________________________________________
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20091204/6ed9e6a3/attachment-0002.html 


More information about the FreeSWITCH-users mailing list