<br><br><div class="gmail_quote"><div style="margin-left:40px">On Thu, Jun 20, 2013 at 2:05 PM, Joshua Colp <span dir="ltr"><<a href="mailto:jcolp@digium.com" target="_blank">jcolp@digium.com</a>></span> wrote:<br></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="margin-left:40px" class="im">Mike Diehl wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I'm getting ready to setup SIP/TLS and SRTP. But I have a few<br>
questions. The first one is that I was reading an article at:<br>
<br>
<a href="https://supportforums.cisco.com/docs/DOC-15381" target="_blank">https://supportforums.cisco.com/docs/DOC-15381</a><br>
<br>
That indicated that Asterisk doesn't support TLS as an OPTIONAL<br>
transport. It's either all or nothing. Specifically, this is what it said:<br>
</blockquote>
<br></div><div style="margin-left:40px">
Your statement is incorrect. Asterisk supports TLS as an optional signaling transport (although if you do SDES SRTP without it then someone can snoop on your keys and ultimately decrypt your media).<br>
<br>
What it does not support is optional *SRTP*. If a device requests SRTP and it's not possible, the call will fail.<br></div>
<br></blockquote><div> </div><div>So then, is it safe to say that Asterisk will ALLOW a secure phone call, but the client hast to REQUEST it? <br><br>I understand that requesting SRTP without SIP/TLS is evil; I just misunderstood what I was reading. <br>
<br>I'm also thinking that the AGI script I use to route calls can check if either leg of a call comes from or goes to port 5061 and play a sound file to indicate that the cal is 'secure.' Does this seem reasonable?<br>
<br>Thanks,<br><br>Mike.<br></div></div>