Reference11r1:Concept DTLS-SRTP: Difference between revisions




Revision as of 17:02, 10 September 2014


Applies To

This information applies to

  • all innovaphone devices from v11r1 RC2

Overview

Protocol flow

Configuration

As part of the configuration of registrations, the admin can choose which key exchange mechanisms (SDES, DTLS-SRTP) are used for SRTP and in which priority. Please consult the corresponding help page for details.

Certificates

No special configuration is needed regarding certificates. DTLS-SRTP does not require endpoints to have the certificate of the remote endpoint in the trust list. It also doesn't check the names inside certificates.
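
In the standard DTLS-SRTP model (RFC 5763 together with RFC 5764), the certificate seen in the DTLS handshake is checked against a fingerprint carried in the signalling (the SDP a=fingerprint attribute) instead of against a trust list or a name. The following is an added example of that check, not innovaphone code; it assumes the device follows that model, and all function names, the stand-in certificate bytes and the SDP offer are constructed for illustration.

```python
import hashlib
import hmac
import re

# Hash names as written in SDP mapped to hashlib names (weak hashes left out on purpose).
HASHES = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}
FP_RE = re.compile(r"^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)$")

# Constructed stand-in for the DER bytes of the certificate seen in the DTLS handshake.
PEER_CERT_DER = b"constructed-peer-certificate-der"

def cert_fingerprint(cert_der, algo):
    """Colon-separated upper-case hex digest of the DER certificate."""
    digest = hashlib.new(HASHES[algo], cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sdp_fingerprint(sdp):
    """(hash, value) for the first media section; media level overrides session level."""
    session = media = None
    in_media = False
    for line in sdp.splitlines():
        if line.startswith("m="):
            if in_media:
                break  # only the first media section is examined here
            in_media = True
        match = FP_RE.match(line.strip())
        if match:
            pair = (match.group(1).lower(), match.group(2).upper())
            if in_media:
                media = media or pair
            else:
                session = session or pair
    return media or session

def verify_peer(sdp, cert_der):
    """True only if the handshake certificate matches the signalled fingerprint."""
    offered = sdp_fingerprint(sdp)
    if offered is None or offered[0] not in HASHES:
        return False  # nothing (or only a weak hash) binds the certificate to the call
    return hmac.compare_digest(cert_fingerprint(cert_der, offered[0]), offered[1])

def sample_offer(cert_der):
    """Constructed SDP offer carrying the fingerprint of cert_der."""
    return "\r\n".join([
        "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        "m=audio 16384 UDP/TLS/RTP/SAVP 8", "a=setup:actpass",
        "a=fingerprint:sha-256 " + cert_fingerprint(cert_der, "sha-256"), ""])
```

Because the fingerprint is the only thing that authenticates the certificate in this model, the signalling path that carries it needs its own integrity protection (for example TLS), otherwise the media keys are only as trustworthy as the unprotected SDP.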

Disabling DTLS-SRTP

For debugging purposes there are config options at the signalling modules that globally turn DTLS-SRTP off. Normally this should not be needed.

 config add H323 /dtls-disabled
 config add SIP /dtls-disabled
 config add TSIP /dtls-disabled
 config add SIPS /dtls-disabled

Tracing

Activation

Traces for debugging DTLS-SRTP can be activated at the signalling module. The trace flags are also available on the debug.xml page.

 config add H323 /dtls-trace on
 config add SIP /dtls-trace on
 config add TSIP /dtls-trace on
 config add SIPS /dtls-trace on

Reading traces

Known limitations

References

  • RFC5764 - Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)