[Freeswitch-users] ATA that supports TLS/SRTP w FS

Yehavi Bourvine yehavi.bourvine at gmail.com
Thu Dec 10 01:11:51 PST 2009


An intermediate report:

*Audiocodes*: TLS works only on outgoing requests, incoming ones are
ignored. I am waiting for Audiocodes' help in order to debug it.
SRTP: worked when no TLS is active. When TLS is active the call is
disconnected when the remote party answers. Still debugging it.

*VegaStream Europa-50*: SRTP works. Waiting for Vega for instructions how to
enable TLS from the WEB interface.

                         Regards, __Yehavi:

2009/12/4 Yehavi Bourvine <yehavi.bourvine at gmail.com>

> I'll report when I am done.
>
> So far I've enabled only SRTP and both support it.
>
>              __Yehavi:
>
> 2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>
>
>> Thanks Yehavi,
>>
>> I would be very interested to find out how your test goes... can you
>> report back after you have tested it?
>>
>> Thanks!
>>
>> On Fri, Dec 4, 2009 at 3:38 PM, Yehavi Bourvine
>> <yehavi.bourvine at gmail.com> wrote:
>> > Hello,
>> >
>> >   I have AudioCodes MP and Vega ATA adapters. They both support SRTP;
>> they
>> > should support TLS also (will try it next week; up to now I preffered to
>> not
>> > use TLS so I can sniff the traffic and debug things).
>> >
>> >                  Regards, __Yehavi:
>> >
>> > 2009/12/4 Mark Campbell-Smith <mcampbellsmith at gmail.com>
>> >>
>> >> Cheers Gabriel.. thanks for the information.
>> >>
>> >> I'll look at the Mediatrix ATA's as an alternative - has anyone had
>> >> experience with those and TLS/SRTP?
>> >>
>> >>
>> >> On Fri, Dec 4, 2009 at 10:25 AM, Gabriel Kuri <gkuri at ieee.org> wrote:
>> >> > The ATAs I'm aware that claim support for TLS and SRTP w/ SDES are
>> the
>> >> > Grandstream and Mediatrix devices (although I've never tried either
>> >> > one with FreeSWITCH).
>> >> >
>> >> > I've personally never had any good experience with the Grandstream
>> >> > ATAs. The Mediatrix ATAs are OK devices, but I've never personally
>> >> > tested them with SRTP w/SDES and FreeSWITCH, but supposedly they
>> >> > support it (so says their marketing material and docs).
>> >> >
>> >> > I'd see if Cisco has any plans to add support for it to the ATAs.
>> Next
>> >> > time I see our Cisco SE, I'll try to poke him about it.
>> >> >
>> >> > Gabe
>> >> >
>> >> > On Thu, Dec 3, 2009 at 2:34 PM, Mark Campbell-Smith
>> >> > <mcampbellsmith at gmail.com> wrote:
>> >> >> Quote: Cisco/Linksys SPA series ATAs do not support SDES key
>> exchange
>> >> >> to appropriately support SRTP and FreeSWITCH
>> >> >>
>> >> >> I'll check with Cisco regarding their implementation then and try to
>> >> >> find out when/if they will support standard SRTP encryption.
>> >> >>
>> >> >>
>> >> >> So, back to my origianal question then.  Are there any ATA's that
>> >> >> support TLS AND SRTP with FreeSwitch?
>> >> >>
>> >> >>
>> >> >> On Fri, Dec 4, 2009 at 9:17 AM, Gabriel Kuri <gkuri at ieee.org>
>> wrote:
>> >> >>> AFAIK, the Cisco/Linksys SPA series ATAs do not support SDES key
>> >> >>> exchange to appropriately support SRTP and FreeSWITCH. They do
>> their
>> >> >>> proprietary Sipura key exchange only, not sure if Cisco plans on
>> >> >>> upgrading the firmware to ever support SDES on the ATAs. They added
>> >> >>> support for SDES to their IP Phones about 1 year ago, but nothing
>> has
>> >> >>> happened with the ATAs as of yet.
>> >> >>>
>> >> >>> Gabe
>> >> >>>
>> >> >>>
>> >> >>> On Thu, Dec 3, 2009 at 2:05 PM, Mark Campbell-Smith
>> >> >>> <mcampbellsmith at gmail.com> wrote:
>> >> >>>> Hi All,
>> >> >>>>
>> >> >>>> I managed to borrow a SPA3102 with the latest firmware and have
>> got
>> >> >>>> it
>> >> >>>> to register using TLS, but I am still struggling with SRTP.  Has
>> >> >>>> anyone managed to get SRTP working with the Linksys devices and if
>> >> >>>> so,
>> >> >>>> can they direct me on how to do this.
>> >> >>>>
>> >> >>>> I have generated a mini-certificates and SRTP Private Key using
>> the
>> >> >>>> gen-mc tool found at
>> >> >>>>
>> >> >>>>
>> http://www.megajournal.ru/journal/users_data/11049/msg_files/24120/gen-mc.c-v0.98.tar.gz.mp3
>> .
>> >> >>>>  However, when ever I initiate a call from the SPA, I can see that
>> >> >>>> the
>> >> >>>> call is not encrypted.
>> >> >>>>
>> >> >>>> Help appreciated.
>> >> >>>>
>> >> >>>> Thanks!
>> >> >>>>
>> >> >>>>
>> >> >>>> On Sat, Nov 28, 2009 at 6:31 AM, eman <eman at chabotel.com> wrote:
>> >> >>>>> Check out the Linksys SPA2102
>> >> >>>>>
>> >> >>>>> On Wed, Nov 25, 2009 at 3:34 AM, Mark Campbell-Smith
>> >> >>>>> <mcampbellsmith at gmail.com> wrote:
>> >> >>>>>>
>> >> >>>>>> The only ATA mentioned on the WIKI that supports TLS/SRTP is the
>> >> >>>>>> Grandstream HandyTone 503.  But, again according to the wiki,
>> that
>> >> >>>>>> doesn't seem to behave to well with TLS ...
>> >> >>>>>>
>> >> >>>>>> On Wed, Nov 25, 2009 at 7:14 PM, Jason White <
>> jason at jasonjgw.net>
>> >> >>>>>> wrote:
>> >> >>>>>> > Mark Campbell-Smith <mcampbellsmith at gmail.com> wrote:
>> >> >>>>>> >> Does the SPA3102 support TLS or only SRTP?
>> >> >>>>>> >
>> >> >>>>>> > I don't know, but supporting only SRTP would be ridiculous,
>> since
>> >> >>>>>> > the
>> >> >>>>>> > keys
>> >> >>>>>> > would then be transmitted in the clear and therefore amenable
>> to
>> >> >>>>>> > interception.
>> >> >>>>>> > SRTP requires the SIP channel to be encrypted by TLS in order
>> to
>> >> >>>>>> > be
>> >> >>>>>> > secure.
>> >> >>>>>> > ZRTP, on the other hand, doesn't have this limitation: it
>> works
>> >> >>>>>> > entirely
>> >> >>>>>> > in
>> >> >>>>>> > RTP.
>> >> >>>>>> >
>> >> >>>>>> > I would be rather surprised were a hardware manufacturer to
>> >> >>>>>> > implement
>> >> >>>>>> > SRTP
>> >> >>>>>> > without TLS for the SIP traffic. On the other hand, we've seen
>> >> >>>>>> > often in
>> >> >>>>>> > this
>> >> >>>>>> > forum that some manufacturers are really clueless...
>> >> >>>>>> >
>> >> >>>>>> >
>> >> >>>>>> > _______________________________________________
>> >> >>>>>> > FreeSWITCH-users mailing list
>> >> >>>>>> > FreeSWITCH-users at lists.freeswitch.org
>> >> >>>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>>>>> >
>> >> >>>>>> > UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >>>>>> > http://www.freeswitch.org
>> >> >>>>>> >
>> >> >>>>>>
>> >> >>>>>> _______________________________________________
>> >> >>>>>> FreeSWITCH-users mailing list
>> >> >>>>>> FreeSWITCH-users at lists.freeswitch.org
>> >> >>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>>>>>
>> >> >>>>>> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >>>>>> http://www.freeswitch.org
>> >> >>>>>
>> >> >>>>>
>> >> >>>>> _______________________________________________
>> >> >>>>> FreeSWITCH-users mailing list
>> >> >>>>> FreeSWITCH-users at lists.freeswitch.org
>> >> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>>>>
>> >> >>>>> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >>>>> http://www.freeswitch.org
>> >> >>>>>
>> >> >>>>>
>> >> >>>>
>> >> >>>> _______________________________________________
>> >> >>>> FreeSWITCH-users mailing list
>> >> >>>> FreeSWITCH-users at lists.freeswitch.org
>> >> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>>>
>> >> >>>> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >>>> http://www.freeswitch.org
>> >> >>>>
>> >> >>>
>> >> >>> _______________________________________________
>> >> >>> FreeSWITCH-users mailing list
>> >> >>> FreeSWITCH-users at lists.freeswitch.org
>> >> >>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>>
>> >> >>> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >>> http://www.freeswitch.org
>> >> >>>
>> >> >>
>> >> >> _______________________________________________
>> >> >> FreeSWITCH-users mailing list
>> >> >> FreeSWITCH-users at lists.freeswitch.org
>> >> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> >>
>> >> >> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> >> http://www.freeswitch.org
>> >> >>
>> >> >
>> >> > _______________________________________________
>> >> > FreeSWITCH-users mailing list
>> >> > FreeSWITCH-users at lists.freeswitch.org
>> >> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> > UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> > http://www.freeswitch.org
>> >> >
>> >>
>> >> _______________________________________________
>> >> FreeSWITCH-users mailing list
>> >> FreeSWITCH-users at lists.freeswitch.org
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>> >
>> > _______________________________________________
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:
>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20091210/0046d3cb/attachment-0002.html 


More information about the FreeSWITCH-users mailing list