Hi Richard and Alex,

Thank you very much for the information. In our Kamailio configuration the rtpengine_manage() lines have "SDES-off", so presumably then we are using DTLS?

Are either SDES or DTLS considered more secure or "better" in any way?

On Wed, 10 Apr 2024 at 10:32, Richard Fuchs via sr-users <sr-users@lists.kamailio.org> wrote:

> On 09/04/2024 17.40, David Cunningham via sr-users wrote:
> > How does rtpengine get the TLS certificates, and what crypto library
> > does it use (openssl?).
>
> SRTP itself doesn't use any certificates, and is not TLS. The underlying
> cipher (AES) is provided by OpenSSL, while the SRTP implementation
> itself is its own.
>
> TLS and certificates are relevant when it comes to the key exchange.
> With SDES, keys are exchanged in-line and nothing else is needed.
>
> The other option is DTLS: Here a self-signed certificate is used
> (generated at startup), and keys are exchanged using the DTLS
> implementation provided by OpenSSL. The certificate's fingerprint is
> exchanged in-line and that's how the peer's certificate is verified.
> After the key exchange completes, the SRTP keys are extracted from the
> handshake, DTLS is done, and the rest is just regular SRTP.
>
> Cheers
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>

--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
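Added example, not part of the original thread and not rtpengine or Kamailio code: the two key exchanges described in the quoted reply show up differently in the SDP, with `a=crypto` lines carrying the key itself for SDES and `a=fingerprint`/`a=setup` lines carrying only a certificate hash for DTLS-SRTP. This Python script reports which one each media section carries and checks a certificate against the advertised fingerprint; the function names, the sample SDP and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def keying_methods(sdp):
    """Per m= section, report which SRTP key exchange the SDP carries."""
    session = {"fingerprint": None, "setup": None}  # session-level defaults
    sections, cur = [], None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        target = cur if cur is not None else session
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            cur = {"media": media, "proto": proto, "sdes_suites": [], **session}
            sections.append(cur)
        elif line.startswith("a=crypto:") and cur is not None:
            # SDES: a=crypto:<tag> <suite> inline:<key||salt>, the key sits in the SDP
            cur["sdes_suites"].append(line.split()[1])
        elif line.startswith("a=fingerprint:"):
            # DTLS-SRTP: only the certificate hash is in the SDP
            func, value = line[len("a=fingerprint:"):].split()[:2]
            target["fingerprint"] = (func.lower(), value.upper())
        elif line.startswith("a=setup:"):
            target["setup"] = line[len("a=setup:"):].strip()
    for s in sections:
        s["sdes"] = bool(s["sdes_suites"])
        s["dtls"] = s["fingerprint"] is not None
    return sections

def fingerprint_matches(cert_der, fingerprint):
    """Hash the certificate seen in the DTLS handshake and compare it to the SDP value."""
    func, expected = fingerprint
    if func not in HASHES:
        return False
    actual = hashlib.new(HASHES[func], cert_der).hexdigest().upper()
    return hmac.compare_digest(actual, expected.replace(":", ""))

# Constructed sample data: stand-in bytes take the place of a real DER certificate.
SAMPLE_CERT = b"constructed stand-in for a DER-encoded self-signed certificate"
_hex = hashlib.sha256(SAMPLE_CERT).hexdigest().upper()
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 30000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
    "m=audio 30002 UDP/TLS/RTP/SAVP 0",
    "a=setup:actpass",
    "a=fingerprint:sha-256 " + ":".join(_hex[i:i + 2] for i in range(0, 64, 2)),
]) + "\r\n"

if __name__ == "__main__":
    for s in keying_methods(SAMPLE_SDP):
        print(s["media"], s["proto"], "SDES" if s["sdes"] else "", "DTLS" if s["dtls"] else "")
```

Run against the SDP bodies captured on each call leg, this shows which key exchange was actually negotiated there.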