[asterisk-users] Questions about sRTP
Mike Diehl
mdiehlenator at gmail.com
Thu Jun 20 17:10:01 CDT 2013
On Thu, Jun 20, 2013 at 2:05 PM, Joshua Colp <jcolp at digium.com> wrote:
> Mike Diehl wrote:
>
>> Hi all,
>>
>> I'm getting ready to setup SIP/TLS and SRTP. But I have a few
>> questions. The first one is that I was reading an article at:
>>
>> https://supportforums.cisco.com/docs/DOC-15381
>>
>> That indicated that Asterisk doesn't support TLS as an OPTIONAL
>> transport. It's either all or nothing. Specifically, this is what it
>> said:
>>
>
> Your statement is incorrect. Asterisk supports TLS as an optional
> signaling transport (although if you do SDES SRTP without it then someone
> can snoop on your keys and ultimately decrypt your media).
>
> What it does not support is optional *SRTP*. If a device requests SRTP and
> it's not possible, the call will fail.
>
>
So then, is it safe to say that Asterisk will ALLOW a secure phone call,
but the client hast to REQUEST it?
I understand that requesting SRTP without SIP/TLS is evil; I just
misunderstood what I was reading.
I'm also thinking that the AGI script I use to route calls can check if
either leg of a call comes from or goes to port 5061 and play a sound file
to indicate that the cal is 'secure.' Does this seem reasonable?
Thanks,
Mike.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130620/3205c624/attachment.htm>
More information about the asterisk-users
mailing list