Reference11r1:Concept DTLS-SRTP
Applies To
This information applies to
- all innovaphone devices from v11r1 RC2
Overview
Protocol flow
Configuration
As part of the configuration of registrations, the admin can choose which key exchange mechanisms (SDES, DTLS-SRTP) are used for SRTP and in which priority. For example, on the phones this is done on the page Phone/User/General. Please consult the corresponding help page for details.
Certificates
No special configuration is needed regarding certificates. DTLS-SRTP does not require endpoints to have the certificate of the remote endpoint in the trust list. Also, it doesn't check the names inside certificates.
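In standard DTLS-SRTP over SIP (RFC 5763), the peer certificate is authenticated by comparing it with a fingerprint carried in the SDP, not by a trust list or name check. The following is an added example of that comparison, not innovaphone code; the function names, the sample data and the policy of accepting only SHA-2 fingerprints are assumptions made for illustration.

```python
import hashlib
import hmac

# SDP hash names mapped to hashlib names. Weaker hashes (md5, sha-1) are
# left out on purpose: assumed local policy, not taken from the page.
_HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def parse_fingerprints(sdp: str) -> list[tuple[str, bytes]]:
    """Return (hash_name, digest) for every a=fingerprint line in the SDP."""
    out = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2:
            raise ValueError("malformed fingerprint attribute")
        # bytes.fromhex raises ValueError if the value is not valid hex
        out.append((parts[0].lower(), bytes.fromhex(parts[1].replace(":", ""))))
    return out


def peer_cert_matches(sdp: str, cert_der: bytes) -> bool:
    """True only if the handshake certificate hashes to a signalled fingerprint."""
    for name, digest in parse_fingerprints(sdp):
        algo = _HASHES.get(name)
        if algo is None:
            continue  # unknown or weak hash never counts as a match
        if hmac.compare_digest(hashlib.new(algo, cert_der).digest(), digest):
            return True
    return False


# Constructed sample data: these bytes stand in for a DER-encoded certificate.
SAMPLE_CERT = b"constructed stand-in for DER certificate bytes"
_fp = hashlib.sha256(SAMPLE_CERT).hexdigest().upper()
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "m=audio 50000 UDP/TLS/RTP/SAVP 0",
    "a=setup:actpass",
    "a=fingerprint:sha-256 " + ":".join(_fp[i:i + 2] for i in range(0, len(_fp), 2)),
])

if __name__ == "__main__":
    print(peer_cert_matches(SAMPLE_SDP, SAMPLE_CERT))         # certificate from signalling
    print(peer_cert_matches(SAMPLE_SDP, SAMPLE_CERT + b"x"))  # substituted certificate
```

Because the fingerprint is the only binding between the media peer and the call, the media is only as well authenticated as the signalling channel that carried the fingerprint.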
Disabling DTLS-SRTP
For debugging purposes there are config options at the signalling modules that globally turn DTLS-SRTP off. Normally this should not be needed.
config add H323 /dtls-disabled
config add SIP /dtls-disabled
config add TSIP /dtls-disabled
config add SIPS /dtls-disabled
Tracing
Activation
Traces for debugging DTLS-SRTP can be activated at the signalling module. The trace flags are also available on the debug.xml page.
config add H323 /dtls-trace on
config add SIP /dtls-trace on
config add TSIP /dtls-trace on
config add SIPS /dtls-trace on
Reading traces
Known limitations
References
- RFC5764 - Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)