[Freeswitch-users] ATA that supports TLS/SRTP w FS
Yehavi Bourvine
yehavi.bourvine at gmail.com
Fri Dec 4 01:19:51 PST 2009
I'll report when I am done.
So far I've enabled only SRTP and both support it.
__Yehavi:
2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>
> Thanks Yehavi,
>
> I would be very interested to find out how your test goes... can you
> report back after you have tested it?
>
> Thanks!
>
> On Fri, Dec 4, 2009 at 3:38 PM, Yehavi Bourvine
> <yehavi.bourvine at gmail.com> wrote:
> > Hello,
> >
> > I have AudioCodes MP and Vega ATA adapters. They both support SRTP;
> they
> > should support TLS also (will try it next week; up to now I preffered to
> not
> > use TLS so I can sniff the traffic and debug things).
> >
> > Regards, __Yehavi:
> >
> > 2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>
> >>
> >> Cheers Gabriel.. thanks for the information.
> >>
> >> I'll look at the Mediatrix ATA's as an alternative - has anyone had
> >> experience with those and TLS/SRTP?
> >>
> >>
> >> On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
> >> > The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are the
> >> > Grandstream and Mediatrix devices (although I've never tried either
> >> > one with FreeSWITCH).
> >> >
> >> > I've personally never had any good experience with the Grandstream
> >> > ATAs. The Mediatrix ATAs are OK devices, but I've never personally
> >> > tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
> >> > support it (so says their marketing material and docs).
> >> >
> >> > I'd see if Cisco has any plans to add support for it to the ATAs. Next
> >> > time I see our Cisco SE, I'll try to poke him about it.
> >> >
> >> > Gabe
> >> >
> >> > On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
> >> > <mcampbellsmith at gmail.com> wrote:
> >> >> Quote: Cisco/Linksys SPA series ATAs do not support SDES key exchange
> >> >> to appropriately support SRTP and FreeSWITCH
> >> >>
> >> >> I'll check with Cisco regarding their implementation then and try to
> >> >> find out when/if they will support standard SRTP encryption.
> >> >>
> >> >>
> >> >> So, back to my origianal question then. Are there any ATA's that
> >> >> support TLS AND SRTP with FreeSwitch?
> >> >>
> >> >>
> >> >> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
> >> >>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
> >> >>> exchange to appropriately support SRTP and FreeSWITCH. They do their
> >> >>> proprietary Sipura key exchange only, not sure if Cisco plans on
> >> >>> upgrading the firmware to ever support SDES on the ATAs. They added
> >> >>> support for SDES to their IP Phones about 1 year ago, but nothing
> has
> >> >>> happened with the ATAs as of yet.
> >> >>>
> >> >>> Gabe
> >> >>>
> >> >>>
> >> >>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
> >> >>> <mcampbellsmith at gmail.com> wrote:
> >> >>>> Hi All,
> >> >>>>
> >> >>>> I managed to borrow a SPA3102 with the latest firmware and have got
> >> >>>> it
> >> >>>> to register using TLS, but I am still struggling with SRTP. Has
> >> >>>> anyone managed to get SRTP working with the Linksys devices and if
> >> >>>> so,
> >> >>>> can they direct me on how to do this.
> >> >>>>
> >> >>>> I have generated a mini-certificates and SRTP Private Key using the
> >> >>>> gen-mc tool found at
> >> >>>>
> >> >>>>
> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3
> .
> >> >>>> However, when ever I initiate a call from the SPA, I can see that
> >> >>>> the
> >> >>>> call is not encrypted.
> >> >>>>
> >> >>>> Help appreciated.
> >> >>>>
> >> >>>> Thanks!
> >> >>>>
> >> >>>>
> >> >>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
> >> >>>>> Check out the Linksys SPA2102
> >> >>>>>
> >> >>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
> >> >>>>> <mcampbellsmith at gmail.com> wrote:
> >> >>>>>>
> >> >>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
> >> >>>>>> Grandstream HandyTone 503. But, again according to the wiki,
> that
> >> >>>>>> doesn't seem to behave to well with TLS ...
> >> >>>>>>
> >> >>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <jason at jasonjgw.net
> >
> >> >>>>>> wrote:
> >> >>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
> >> >>>>>> >> Does the SPA3102 support TLS or only SRTP?
> >> >>>>>> >
> >> >>>>>> > I don't know, but supporting only SRTP would be ridiculous,
> since
> >> >>>>>> > the
> >> >>>>>> > keys
> >> >>>>>> > would then be transmitted in the clear and therefore amenable
> to
> >> >>>>>> > interception.
> >> >>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order
> to
> >> >>>>>> > be
> >> >>>>>> > secure.
> >> >>>>>> > ZRTP, on the other hand, doesn't have this limitation: it works
> >> >>>>>> > entirely
> >> >>>>>> > in
> >> >>>>>> > RTP.
> >> >>>>>> >
> >> >>>>>> > I would be rather surprised were a hardware manufacturer to
> >> >>>>>> > implement
> >> >>>>>> > SRTP
> >> >>>>>> > without TLS for the SIP traffic. On the other hand, we've seen
> >> >>>>>> > often in
> >> >>>>>> > this
> >> >>>>>> > forum that some manufacturers are really clueless...
> >> >>>>>> >
> >> >>>>>> >
> >> >>>>>> > _______________________________________________
> >> >>>>>> > FreeSWITCH-users mailing list
> >> >>>>>> > FreeSWITCH-users at lists.freeswitch.org
> >> >>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>>>>> >
> >> >>>>>> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >>>>>> > http://www.freeswitch.org
> >> >>>>>> >
> >> >>>>>>
> >> >>>>>> _______________________________________________
> >> >>>>>> FreeSWITCH-users mailing list
> >> >>>>>> FreeSWITCH-users at lists.freeswitch.org
> >> >>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>>>>>
> >> >>>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >>>>>> http://www.freeswitch.org
> >> >>>>>
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> FreeSWITCH-users mailing list
> >> >>>>> FreeSWITCH-users at lists.freeswitch.org
> >> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>>>>
> >> >>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >>>>> http://www.freeswitch.org
> >> >>>>>
> >> >>>>>
> >> >>>>
> >> >>>> _______________________________________________
> >> >>>> FreeSWITCH-users mailing list
> >> >>>> FreeSWITCH-users at lists.freeswitch.org
> >> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>>>
> >> >>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >>>> http://www.freeswitch.org
> >> >>>>
> >> >>>
> >> >>> _______________________________________________
> >> >>> FreeSWITCH-users mailing list
> >> >>> FreeSWITCH-users at lists.freeswitch.org
> >> >>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>>
> >> >>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >>> http://www.freeswitch.org
> >> >>>
> >> >>
> >> >> _______________________________________________
> >> >> FreeSWITCH-users mailing list
> >> >> FreeSWITCH-users at lists.freeswitch.org
> >> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> >>
> >> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> >> http://www.freeswitch.org
> >> >>
> >> >
> >> > _______________________________________________
> >> > FreeSWITCH-users mailing list
> >> > FreeSWITCH-users at lists.freeswitch.org
> >> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> > http://www.freeswitch.org
> >> >
> >>
> >> _______________________________________________
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> > _______________________________________________
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20091204/bc9e1245/attachment-0002.html
More information about the FreeSWITCH-users
mailing list