[asterisk-users] Questions about sRTP
Matthew Jordan
mjordan at digium.com
Thu Jun 20 20:57:30 CDT 2013
On Thu, Jun 20, 2013 at 5:10 PM, Mike Diehl <mdiehlenator at gmail.com> wrote:
>
>
> On Thu, Jun 20, 2013 at 2:05 PM, Joshua Colp <jcolp at digium.com> wrote:
>
>> Mike Diehl wrote:
>>
>>> Hi all,
>>>
>>> I'm getting ready to setup SIP/TLS and SRTP. But I have a few
>>> questions. The first one is that I was reading an article at:
>>>
>>> https://supportforums.cisco.com/docs/DOC-15381
>>>
>>> That indicated that Asterisk doesn't support TLS as an OPTIONAL
>>> transport. It's either all or nothing. Specifically, this is what it
>>> said:
>>>
>>
>> Your statement is incorrect. Asterisk supports TLS as an optional
>> signaling transport (although if you do SDES SRTP without it then someone
>> can snoop on your keys and ultimately decrypt your media).
>>
>> What it does not support is optional *SRTP*. If a device requests SRTP
>> and it's not possible, the call will fail.
>>
>>
> So then, is it safe to say that Asterisk will ALLOW a secure phone call,
> but the client hast to REQUEST it?
>
> I understand that requesting SRTP without SIP/TLS is evil; I just
> misunderstood what I was reading.
>
> I'm also thinking that the AGI script I use to route calls can check if
> either leg of a call comes from or goes to port 5061 and play a sound file
> to indicate that the cal is 'secure.' Does this seem reasonable?
>
>
You can query a channel using the CHANNEL function (
https://wiki.asterisk.org/wiki/display/AST/Function_CHANNEL) to see if the
channel currently supports secure communication, and you can request that
the outbound channel be made secure using the same function.
An example of doing this is on the wiki:
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Specifics
--
Matthew Jordan
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20130620/db60f2c5/attachment.htm>
More information about the asterisk-users
mailing list