Security Features
114
When you place a call on the enabled SRTP phone, the phone sends an INVITE message with the RTP/RTCP
encryption algorithm to the destination phone. As described in
, RTP/RTCP streams may be encrypted
using an AES (Advanced Encryption Standard) algorithm.
Example of the RTP encryption algorithm carried in the SDP of the INVITE message:
m=audio 11780 RTP/SAVP 0 8 18 9 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:NzFlNTUwZDk2OGVlOTc3YzNkYTkwZWVkMTM1YWFj
a=crypto:2 AES_CM_128_HMAC_SHA1_32 > inline:NzkyM2FjNzQ2ZDgxYjg0MzQwMGVmMGUxMzdmNWFm
a=crypto:3 F8_128_HMAC_SHA1_80 inline:NDliMWIzZGE1ZTAwZjA5ZGFhNjQ5YmEANTMzYzA0
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=fmtp:101 0-15
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv
The callee receives the INVITE message with the RTP encryption algorithm and then answers the call by respond-
ing with a 200 OK message which carries the negotiated RTP encryption algorithm.
Example of the RTP encryption algorithm carried in the SDP of the 200 OK message:
m=audio 11780 RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NGY4OGViMDYzZjQzYTNiOTNkOWRiYzRlMjM0Yzcz
a=sendrecv
a=ptime:20
a=fmtp:101 0-15
When SRTP is enabled on both phones, RTP streams will be encrypted, and a lock icon appears on the LCD
screen of each IP phone after a successful negotiation.
Note
: If you enable SRTP, then you should also enable TLS. This ensures the security of SRTP encryption. For more inform-
ation on TLS, refer to
Transport Layer Security (TLS)
. You can configure the IP phone to include unencrypted RTP/RTCP
streams in SDP offers by “account.X.srtp.unencrypted_rtp.enable”/”account.X.srtp.unencrypted_rtcp.enable”.
Topic
SRTP Configuration
The following table lists the parameters you can use to configure the SRTP.
Parameter account.X.srtp_encryption
[1]
<MAC>.cfg