<div dir="ltr"><div>Hello,</div>
<div> </div>
<div> I have AudioCodes MP and Vega ATA adapters. They both support SRTP; they should support TLS also (will try it next week; up to now I preffered to not use TLS so I can sniff the traffic and debug things).</div>
<div> </div>
<div> Regards, __Yehavi:<br><br></div>
<div class="gmail_quote">2009/12/4 Mark Campbell-Smith <span dir="ltr"><<a href="mailto:mcampbellsmith@gmail.com">mcampbellsmith@gmail.com</a>></span><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Cheers Gabriel.. thanks for the information.<br><br>I'll look at the Mediatrix ATA's as an alternative - has anyone had<br>
experience with those and TLS/SRTP?<br>
<div>
<div></div>
<div class="h5"><br><br>On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <<a href="mailto:gkuri@ieee.org">gkuri@ieee.org</a>> wrote:<br>> The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the<br>
> Grandstream and Mediatrix devices (although I've never tried either<br>> one with FreeSWITCH).<br>><br>> I've personally never had any good experience with the Grandstream<br>> ATAs. The Mediatrix ATAs are OK devices, but I've never personally<br>
> tested them with SRTP w/SDES and FreeSWITCH, but supposedly they<br>> support it (so says their marketing material and docs).<br>><br>> I'd see if Cisco has any plans to add support for it to the ATAs. Next<br>
> time I see our Cisco SE, I'll try to poke him about it.<br>><br>> Gabe<br>><br>> On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith<br>> <<a href="mailto:mcampbellsmith@gmail.com">mcampbellsmith@gmail.com</a>> wrote:<br>
>> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange<br>>> to appropriately support SRTP and FreeSWITCH<br>>><br>>> I'll check with Cisco regarding their implementation then and try to<br>
>> find out when/if they will support standard SRTP encryption.<br>>><br>>><br>>> So, back to my origianal question then. Are there any ATA's that<br>>> support TLS AND SRTP with FreeSwitch?<br>
>><br>>><br>>> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <<a href="mailto:gkuri@ieee.org">gkuri@ieee.org</a>> wrote:<br>>>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key<br>
>>> exchange to appropriately support SRTP and FreeSWITCH. They do their<br>>>> proprietary Sipura key exchange only, not sure if Cisco plans on<br>>>> upgrading the firmware to ever support SDES on the ATAs. They added<br>
>>> support for SDES to their IP Phones about 1 year ago, but nothing has<br>>>> happened with the ATAs as of yet.<br>>>><br>>>> Gabe<br>>>><br>>>><br>>>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith<br>
>>> <<a href="mailto:mcampbellsmith@gmail.com">mcampbellsmith@gmail.com</a>> wrote:<br>>>>> Hi All,<br>>>>><br>>>>> I managed to borrow a SPA3102 with the latest firmware and have got it<br>
>>>> to register using TLS, but I am still struggling with SRTP. Has<br>>>>> anyone managed to get SRTP working with the Linksys devices and if so,<br>>>>> can they direct me on how to do this.<br>
>>>><br>>>>> I have generated a mini-certificates and SRTP Private Key using the<br>>>>> gen-mc tool found at<br>>>>> <a href="http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3" target="_blank">http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3</a>.<br>
>>>> However, when ever I initiate a call from the SPA, I can see that the<br>>>>> call is not encrypted.<br>>>>><br>>>>> Help appreciated.<br>>>>><br>>>>> Thanks!<br>
>>>><br>>>>><br>>>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <<a href="mailto:eman@chabotel.com">eman@chabotel.com</a>> wrote:<br>>>>>> Check out the Linksys SPA2102<br>
>>>>><br>>>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith<br>>>>>> <<a href="mailto:mcampbellsmith@gmail.com">mcampbellsmith@gmail.com</a>> wrote:<br>>>>>>><br>
>>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the<br>>>>>>> Grandstream HandyTone 503. But, again according to the wiki, that<br>>>>>>> doesn't seem to behave to well with TLS ...<br>
>>>>>><br>>>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <<a href="mailto:jason@jasonjgw.net">jason@jasonjgw.net</a>> wrote:<br>>>>>>> > Mark Campbell-Smith <<a href="mailto:mcampbellsmith@gmail.com">mcampbellsmith@gmail.com</a>> wrote:<br>
>>>>>> >> Does the SPA3102 support TLS or only SRTP?<br>>>>>>> ><br>>>>>>> > I don't know, but supporting only SRTP would be ridiculous, since the<br>>>>>>> > keys<br>
>>>>>> > would then be transmitted in the clear and therefore amenable to<br>>>>>>> > interception.<br>>>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order to be<br>
>>>>>> > secure.<br>>>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works entirely<br>>>>>>> > in<br>>>>>>> > RTP.<br>
>>>>>> ><br>>>>>>> > I would be rather surprised were a hardware manufacturer to implement<br>>>>>>> > SRTP<br>>>>>>> > without TLS for the SIP traffic. On the other hand, we've seen often in<br>
>>>>>> > this<br>>>>>>> > forum that some manufacturers are really clueless...<br>>>>>>> ><br>>>>>>> ><br>>>>>>> > _______________________________________________<br>
>>>>>> > FreeSWITCH-users mailing list<br>>>>>>> > <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>>>>>>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>>>>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>>>>>>> > <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
>>>>>> ><br>>>>>>><br>>>>>>> _______________________________________________<br>>>>>>> FreeSWITCH-users mailing list<br>>>>>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>>>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>>>>>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>>>>>> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>>>>>><br>>>>>><br>>>>>> _______________________________________________<br>
>>>>> FreeSWITCH-users mailing list<br>>>>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>>>>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>>>>>> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
>>>>><br>>>>>><br>>>>><br>>>>> _______________________________________________<br>>>>> FreeSWITCH-users mailing list<br>>>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>>>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>>>> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>>>>><br>>>><br>>>> _______________________________________________<br>>>> FreeSWITCH-users mailing list<br>
>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>>>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>>>> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
>>><br>>><br>>> _______________________________________________<br>>> FreeSWITCH-users mailing list<br>>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>>><br>><br>> _______________________________________________<br>> FreeSWITCH-users mailing list<br>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>><br><br>_______________________________________________<br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></div></div></blockquote></div></div>