[Freeswitch-users] ATA that supports TLS/SRTP w FS

Gabriel Kuri gkuri at ieee.org
Thu Dec 3 14:17:25 PST 2009


AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
exchange to appropriately support SRTP and FreeSWITCH. They do their
proprietary Sipura key exchange only, not sure if Cisco plans on
upgrading the firmware to ever support SDES on the ATAs. They added
support for SDES to their IP Phones about 1 year ago, but nothing has
happened with the ATAs as of yet.

Gabe


On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
<mcampbellsmith at gmail.com> wrote:
> Hi All,
>
> I managed to borrow a SPA3102 with the latest firmware and have got it
> to register using TLS, but I am still struggling with SRTP.  Has
> anyone managed to get SRTP working with the Linksys devices and if so,
> can they direct me on how to do this.
>
> I have generated a mini-certificates and SRTP Private Key using the
> gen-mc tool found at
> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3.
>  However, when ever I initiate a call from the SPA, I can see that the
> call is not encrypted.
>
> Help appreciated.
>
> Thanks!
>
>
> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
>> Check out the Linksys SPA2102
>>
>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
>> <mcampbellsmith at gmail.com> wrote:
>>>
>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
>>> Grandstream HandyTone 503.  But, again according to the wiki, that
>>> doesn't seem to behave to well with TLS ...
>>>
>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net> wrote:
>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
>>> >> Does the SPA3102 support TLS or only SRTP?
>>> >
>>> > I don't know, but supporting only SRTP would be ridiculous, since the
>>> > keys
>>> > would then be transmitted in the clear and therefore amenable to
>>> > interception.
>>> > SRTP requires the SIP channel to be encrypted by TLS in order to be
>>> > secure.
>>> > ZRTP, on the other hand, doesn't have this limitation: it works entirely
>>> > in
>>> > RTP.
>>> >
>>> > I would be rather surprised were a hardware manufacturer to implement
>>> > SRTP
>>> > without TLS for the SIP traffic. On the other hand, we've seen often in
>>> > this
>>> > forum that some manufacturers are really clueless...
>>> >
>>> >
>>> > _______________________________________________
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> > http://www.freeswitch.org
>>> >
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>




More information about the FreeSWITCH-users mailing list