Reference11r1:Concept DTLS-SRTP

From innovaphone wiki
Revision as of 17:03, 10 September 2014 by Msc (talk | contribs) (→‎Configuration)
There are also other versions of this article available: Reference11r1 (this version) | Reference13r3


Applies To

This information applies to

  • all innovaphone devices from v11r1 RC2

Overview

Protocol flow

Configuration

As part of the configuration of registrations, the admin can choose which key exchange mechanisms (SDES, DTLS-SRTP) are used for SRTP and in which priority. For example, on the phones this is done on the page Phone/User/General. Please consult the corresponding help page for details.

Certificates

No special configuration is needed regarding certificates. DTLS-SRTP does not require endpoints to have the certificate of the remote endpoint in the trust list. It also doesn't check the names inside certificates.

Disabling DTLS-SRTP

For debugging purposes there are config options at the signalling modules that globally turn DTLS-SRTP off. Normally this should not be needed.

 config add H323 /dtls-disabled
 config add SIP /dtls-disabled
 config add TSIP /dtls-disabled
 config add SIPS /dtls-disabled

Tracing

Activation

Traces for debugging DTLS-SRTP can be activated at the signalling module. The trace flags are also available on the debug.xml page.

 config add H323 /dtls-trace on
 config add SIP /dtls-trace on
 config add TSIP /dtls-trace on
 config add SIPS /dtls-trace on
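
Because the options under "Disabling DTLS-SRTP" and "Activation" are meant for debugging only, a saved configuration can be checked for leftovers afterwards. The following script is an added example, not innovaphone code; it assumes the saved configuration holds setting lines shaped like the commands on this page ("config <verb> <MODULE> /option [value]"), and the sample input and the EXAMPLE module are constructed.

```python
import re

MODULES = ("H323", "SIP", "TSIP", "SIPS")  # signalling modules named on this page

# Assumption: each setting line reads "config <verb> <MODULE> /option [value] ...".
LINE_RE = re.compile(r"^\s*config\s+\w+\s+(\S+)\s+(.*)$")
OPT_RE = re.compile(r"/(\S+)(?:\s+([^/\s]\S*))?")

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
config add H323 /dtls-trace on
config add SIP /dtls-disabled
config add TSIP /dtls-trace off
config add EXAMPLE /some-option 1
"""

def audit_dtls_flags(config_text):
    """Map each signalling module to its DTLS-SRTP debug flags."""
    report = {m: {"dtls_disabled": False, "dtls_trace": False} for m in MODULES}
    for line in config_text.splitlines():
        match = LINE_RE.match(line)
        if not match or match.group(1) not in report:
            continue  # not a setting line for one of the four modules
        flags = report[match.group(1)]
        for name, value in OPT_RE.findall(match.group(2)):
            if name == "dtls-disabled":
                flags["dtls_disabled"] = True
            elif name == "dtls-trace" and value.lower() == "on":
                flags["dtls_trace"] = True
    return report

def findings(report):
    """List leftover debug settings, disabled key exchange first."""
    out = [f"{m}: DTLS-SRTP globally disabled" for m in MODULES if report[m]["dtls_disabled"]]
    out += [f"{m}: DTLS trace still on" for m in MODULES if report[m]["dtls_trace"]]
    return out

if __name__ == "__main__":
    for item in findings(audit_dtls_flags(SAMPLE_CONFIG)):
        print(item)
```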

Reading traces

Known limitations

References

  • RFC5764 - Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)