[Freeswitch-users] srtp clarification

[Steven Ayre]

> The problem comes in when I require SRTP only on the phones.

If you use SRTP without TLS, you get no security at all. The
encryption key used for the SRTP is passed within the SIP signalling.
Unless you encrypt that then anyone intercepting the call can get the
key from the signalling and then decrypt the media at will.

-Steve



On 6 March 2011 16:43, Mitch Johnson <mitch.johnson7 at gmail.com> wrote:
> My previous post may have suggested that the TLS/SRTP was not working.  Where in fact, the TLS works like a charm.
>
> The problem comes in when I require SRTP only on the phones.  When SRTP s turned off it works great, and so does TLS.
>
> I've been trying to understand how the voice part of the call is setup using SRTP.  When I go through the logs, I don't see anything that says that SRTP failed anywhere.  I'm pretty sure it's somewhere in my configuration.  In Asterisk I had to define the transport mechanism of tls and encryption=yes to make it supposed to work.  But then I never got it working there either, the difference with Asterisk is that it was showing SRTP as failing, but there's a bug causing that so it was pretty much a brick wall for me.
>
> Am I supposed to do something under the user profile or somewhere else where that call is encrypted using SRTP?  I followed the TLS and SRTP guides to do the setup.
>
> Any help on this would be greatly appreciated.  As with any problem, it's consuming my life until I can sort it out.
>
> Thanks so much ahead of time,
>
> Mitch
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>