[Freeswitch-users] ATA that supports TLS/SRTP w FS
Mark Campbell-Smith
mcampbellsmith at gmail.com
Thu Dec 3 21:01:21 PST 2009
Thanks Yehavi,
I would be very interested to find out how your test goes... can you
report back after you have tested it?
Thanks!
On Fri, Dec 4, 2009 at 3:38 PM, Yehavi Bourvine
<yehavi.bourvine at gmail.com> wrote:
> Hello,
>
> I have AudioCodes MP and Vega ATA adapters. They both support SRTP; they
> should support TLS also (will try it next week; up to now I preffered to not
> use TLS so I can sniff the traffic and debug things).
>
> Regards, __Yehavi:
>
> 2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>
>>
>> Cheers Gabriel.. thanks for the information.
>>
>> I'll look at the Mediatrix ATA's as an alternative - has anyone had
>> experience with those and TLS/SRTP?
>>
>>
>> On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
>> > The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the
>> > Grandstream and Mediatrix devices (although I've never tried either
>> > one with FreeSWITCH).
>> >
>> > I've personally never had any good experience with the Grandstream
>> > ATAs. The Mediatrix ATAs are OK devices, but I've never personally
>> > tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
>> > support it (so says their marketing material and docs).
>> >
>> > I'd see if Cisco has any plans to add support for it to the ATAs. Next
>> > time I see our Cisco SE, I'll try to poke him about it.
>> >
>> > Gabe
>> >
>> > On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
>> > <mcampbellsmith at gmail.com> wrote:
>> >> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange
>> >> to appropriately support SRTP and FreeSWITCH
>> >>
>> >> I'll check with Cisco regarding their implementation then and try to
>> >> find out when/if they will support standard SRTP encryption.
>> >>
>> >>
>> >> So, back to my origianal question then. Are there any ATA's that
>> >> support TLS AND SRTP with FreeSwitch?
>> >>
>> >>
>> >> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
>> >>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
>> >>> exchange to appropriately support SRTP and FreeSWITCH. They do their
>> >>> proprietary Sipura key exchange only, not sure if Cisco plans on
>> >>> upgrading the firmware to ever support SDES on the ATAs. They added
>> >>> support for SDES to their IP Phones about 1 year ago, but nothing has
>> >>> happened with the ATAs as of yet.
>> >>>
>> >>> Gabe
>> >>>
>> >>>
>> >>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
>> >>> <mcampbellsmith at gmail.com> wrote:
>> >>>> Hi All,
>> >>>>
>> >>>> I managed to borrow a SPA3102 with the latest firmware and have got
>> >>>> it
>> >>>> to register using TLS, but I am still struggling with SRTP. Has
>> >>>> anyone managed to get SRTP working with the Linksys devices and if
>> >>>> so,
>> >>>> can they direct me on how to do this.
>> >>>>
>> >>>> I have generated a mini-certificates and SRTP Private Key using the
>> >>>> gen-mc tool found at
>> >>>>
>> >>>> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3.
>> >>>> However, when ever I initiate a call from the SPA, I can see that
>> >>>> the
>> >>>> call is not encrypted.
>> >>>>
>> >>>> Help appreciated.
>> >>>>
>> >>>> Thanks!
>> >>>>
>> >>>>
>> >>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
>> >>>>> Check out the Linksys SPA2102
>> >>>>>
>> >>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
>> >>>>> <mcampbellsmith at gmail.com> wrote:
>> >>>>>>
>> >>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
>> >>>>>> Grandstream HandyTone 503. But, again according to the wiki, that
>> >>>>>> doesn't seem to behave to well with TLS ...
>> >>>>>>
>> >>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net>
>> >>>>>> wrote:
>> >>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
>> >>>>>> >> Does the SPA3102 support TLS or only SRTP?
>> >>>>>> >
>> >>>>>> > I don't know, but supporting only SRTP would be ridiculous, since
>> >>>>>> > the
>> >>>>>> > keys
>> >>>>>> > would then be transmitted in the clear and therefore amenable to
>> >>>>>> > interception.
>> >>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order to
>> >>>>>> > be
>> >>>>>> > secure.
>> >>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works
>> >>>>>> > entirely
>> >>>>>> > in
>> >>>>>> > RTP.
>> >>>>>> >
>> >>>>>> > I would be rather surprised were a hardware manufacturer to
>> >>>>>> > implement
>> >>>>>> > SRTP
>> >>>>>> > without TLS for the SIP traffic. On the other hand, we've seen
>> >>>>>> > often in
>> >>>>>> > this
>> >>>>>> > forum that some manufacturers are really clueless...
>> >>>>>> >
>> >>>>>> >
>> >>>>>> > _______________________________________________
>> >>>>>> > FreeSWITCH-users mailing list
>> >>>>>> > FreeSWITCH-users at lists.freeswitch.org
>> >>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>>> >
>> >>>>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>>>> > http://www.freeswitch.org
>> >>>>>> >
>> >>>>>>
>> >>>>>> _______________________________________________
>> >>>>>> FreeSWITCH-users mailing list
>> >>>>>> FreeSWITCH-users at lists.freeswitch.org
>> >>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>>>
>> >>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>>>> http://www.freeswitch.org
>> >>>>>
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> FreeSWITCH-users mailing list
>> >>>>> FreeSWITCH-users at lists.freeswitch.org
>> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>>
>> >>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>>> http://www.freeswitch.org
>> >>>>>
>> >>>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> FreeSWITCH-users mailing list
>> >>>> FreeSWITCH-users at lists.freeswitch.org
>> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>>
>> >>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>>> http://www.freeswitch.org
>> >>>>
>> >>>
>> >>> _______________________________________________
>> >>> FreeSWITCH-users mailing list
>> >>> FreeSWITCH-users at lists.freeswitch.org
>> >>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>>
>> >>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >>> http://www.freeswitch.org
>> >>>
>> >>
>> >> _______________________________________________
>> >> FreeSWITCH-users mailing list
>> >> FreeSWITCH-users at lists.freeswitch.org
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >>
>> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>> >>
>> >
>> > _______________________________________________
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
More information about the FreeSWITCH-users
mailing list