[Freeswitch-users] ATA that supports TLS/SRTP w FS

Mark Campbell-Smith mcampbellsmith at gmail.com
Thu Dec 3 18:26:17 PST 2009


Cheers Gabriel.. thanks for the information.

I'll look at the Mediatrix ATA's as an alternative - has anyone had
experience with those and TLS/SRTP?


On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
> The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the
> Grandstream and Mediatrix devices (although I've never tried either
> one with FreeSWITCH).
>
> I've personally never had any good experience with the Grandstream
> ATAs. The Mediatrix ATAs are OK devices, but I've never personally
> tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
> support it (so says their marketing material and docs).
>
> I'd see if Cisco has any plans to add support for it to the ATAs. Next
> time I see our Cisco SE, I'll try to poke him about it.
>
> Gabe
>
> On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
> <mcampbellsmith at gmail.com> wrote:
>> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange
>> to appropriately support SRTP and FreeSWITCH
>>
>> I'll check with Cisco regarding their implementation then and try to
>> find out when/if they will support standard SRTP encryption.
>>
>>
>> So, back to my origianal question then.  Are there any ATA's that
>> support TLS AND SRTP with FreeSwitch?
>>
>>
>> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
>>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
>>> exchange to appropriately support SRTP and FreeSWITCH. They do their
>>> proprietary Sipura key exchange only, not sure if Cisco plans on
>>> upgrading the firmware to ever support SDES on the ATAs. They added
>>> support for SDES to their IP Phones about 1 year ago, but nothing has
>>> happened with the ATAs as of yet.
>>>
>>> Gabe
>>>
>>>
>>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
>>> <mcampbellsmith at gmail.com> wrote:
>>>> Hi All,
>>>>
>>>> I managed to borrow a SPA3102 with the latest firmware and have got it
>>>> to register using TLS, but I am still struggling with SRTP.  Has
>>>> anyone managed to get SRTP working with the Linksys devices and if so,
>>>> can they direct me on how to do this.
>>>>
>>>> I have generated a mini-certificates and SRTP Private Key using the
>>>> gen-mc tool found at
>>>> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3.
>>>>  However, when ever I initiate a call from the SPA, I can see that the
>>>> call is not encrypted.
>>>>
>>>> Help appreciated.
>>>>
>>>> Thanks!
>>>>
>>>>
>>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
>>>>> Check out the Linksys SPA2102
>>>>>
>>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
>>>>> <mcampbellsmith at gmail.com> wrote:
>>>>>>
>>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
>>>>>> Grandstream HandyTone 503.  But, again according to the wiki, that
>>>>>> doesn't seem to behave to well with TLS ...
>>>>>>
>>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net> wrote:
>>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
>>>>>> >> Does the SPA3102 support TLS or only SRTP?
>>>>>> >
>>>>>> > I don't know, but supporting only SRTP would be ridiculous, since the
>>>>>> > keys
>>>>>> > would then be transmitted in the clear and therefore amenable to
>>>>>> > interception.
>>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order to be
>>>>>> > secure.
>>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works entirely
>>>>>> > in
>>>>>> > RTP.
>>>>>> >
>>>>>> > I would be rather surprised were a hardware manufacturer to implement
>>>>>> > SRTP
>>>>>> > without TLS for the SIP traffic. On the other hand, we've seen often in
>>>>>> > this
>>>>>> > forum that some manufacturers are really clueless...
>>>>>> >
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > FreeSWITCH-users mailing list
>>>>>> > FreeSWITCH-users at lists.freeswitch.org
>>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> > http://www.freeswitch.org
>>>>>> >
>>>>>>
>>>>>> _______________________________________________
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>> _______________________________________________
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>




More information about the FreeSWITCH-users mailing list