[asterisk-users] SIP over SSL TCP or SRTP?

Stefan at WPF stefan.at.wpf at googlemail.com
Sat Jun 23 06:04:13 CDT 2012


Hello Bruce,

2012/6/22 Bruce B <bruceb444 at gmail.com>

> Thanks. Want to secure everything and anything possible.
>
> 1- Can both  SIP over TLS  and SRTP work in conjunction to each other?
>
yes, you even need them both. SRTP encrypts just the media (audio), but the
encryption key for it has to be sent somehow. That's done using SIP, which
therefore also needs to be secured. That's what you use TLS for.

> 2- Is SIP over TLS a package or added on module that can be installed from
> Digium Asterisk repository?
>
 SRTP is natively included since asterisk 1.8, I think TLS also, but I am
not sure.

> 3- SRTP takes care of the RTP and makes it secure so that MITM type
> sniffing is not possible?
>
I leave this question to the real experts ;-) With only SRTP (no TLS) one
can still sniff the encryption keys from the SIP messages.

>
> Regards,
>
>
>
> On Fri, Jun 22, 2012 at 2:39 PM, Kevin P. Fleming <kpfleming at digium.com>wrote:
>
>> On 06/22/2012 12:56 PM, Bruce B wrote:
>>
>>  Which one of these ensures that SIP packets are sent and received in a
>>> secure format so that users using public wifi don't allow MITM type of
>>> attacks or others can't read the plaintext SIP packet info. VPN is not
>>> an option. Looking for 2nd most secure to VPN.
>>>
>>
>> SIP over TLS (what used to be called SSL) is what secures the SIP
>> signaling. SRTP is for securing media streams.
>>
>> --
>> Kevin P. Fleming
>> Digium, Inc. | Director of Software Technologies
>> Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype:
>> kpfleming
>> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
>> Check us out at www.digium.com & www.asterisk.org
>>
>>
>>
>>
>> --
>> ______________________________**______________________________**_________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>              http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>  http://lists.digium.com/**mailman/listinfo/asterisk-**users<http://lists.digium.com/mailman/listinfo/asterisk-users>
>>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120623/31e71a74/attachment.htm>


More information about the asterisk-users mailing list