On Thu, Jun 20, 2013 at 2:05 PM, Joshua Colp <jc...@digium.com> wrote:
> Mike Diehl wrote: > >> Hi all, >> >> I'm getting ready to setup SIP/TLS and SRTP. But I have a few >> questions. The first one is that I was reading an article at: >> >> https://supportforums.cisco.com/docs/DOC-15381 >> >> That indicated that Asterisk doesn't support TLS as an OPTIONAL >> transport. It's either all or nothing. Specifically, this is what it >> said: >> > > Your statement is incorrect. Asterisk supports TLS as an optional > signaling transport (although if you do SDES SRTP without it then someone > can snoop on your keys and ultimately decrypt your media). > > What it does not support is optional *SRTP*. If a device requests SRTP and > it's not possible, the call will fail. > > So then, is it safe to say that Asterisk will ALLOW a secure phone call, but the client hast to REQUEST it? I understand that requesting SRTP without SIP/TLS is evil; I just misunderstood what I was reading. I'm also thinking that the AGI script I use to route calls can check if either leg of a call comes from or goes to port 5061 and play a sound file to indicate that the cal is 'secure.' Does this seem reasonable? Thanks, Mike.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users