<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>I do understand the need for tls, I have no issues with tls, it works fine, it's the srtp I haven't managed to get working.</div><div><br></div><div>Thanks for your reply.</div><div><br></div><div>Mitch</div><br><div><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">Steven Ayre <<a href="mailto:steveayre@gmail.com">steveayre@gmail.com</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">March 6, 2011 2:05:17 PM EST<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;">FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Re: [Freeswitch-users] srtp clarification</b><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(127, 127, 127, 1.0);"><b>Reply-To: </b></span><span style="font-family:'Helvetica'; font-size:medium;">FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>><br></span></div><br><br><blockquote type="cite">The problem comes in when I require SRTP only on the phones.<br></blockquote><br>If you use SRTP without TLS, you get no security at all. The<br>encryption key used for the SRTP is passed within the SIP signalling.<br>Unless you encrypt that then anyone intercepting the call can get the<br>key from the signalling and then decrypt the media at will.<br><br>-Steve<br><br><br><br>On 6 March 2011 16:43, Mitch Johnson <<a href="mailto:mitch.johnson7@gmail.com">mitch.johnson7@gmail.com</a>> wrote:<br><blockquote type="cite">My previous post may have suggested that the TLS/SRTP was not working. Where in fact, the TLS works like a charm.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">The problem comes in when I require SRTP only on the phones. When SRTP s turned off it works great, and so does TLS.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">I've been trying to understand how the voice part of the call is setup using SRTP. When I go through the logs, I don't see anything that says that SRTP failed anywhere. I'm pretty sure it's somewhere in my configuration. In Asterisk I had to define the transport mechanism of tls and encryption=yes to make it supposed to work. But then I never got it working there either, the difference with Asterisk is that it was showing SRTP as failing, but there's a bug causing that so it was pretty much a brick wall for me.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Am I supposed to do something under the user profile or somewhere else where that call is encrypted using SRTP? I followed the TLS and SRTP guides to do the setup.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Any help on this would be greatly appreciated. As with any problem, it's consuming my life until I can sort it out.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Thanks so much ahead of time,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Mitch<br></blockquote><blockquote type="cite">_______________________________________________<br></blockquote><blockquote type="cite">FreeSWITCH-users mailing list<br></blockquote><blockquote type="cite"><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br></blockquote><blockquote type="cite"><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br></blockquote><blockquote type="cite">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br></blockquote><blockquote type="cite"><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br></blockquote><blockquote type="cite"><br></blockquote><br><br><br></blockquote></div><br></body></html>