Q: Does OnSIP support encrypted communication?
A: Yes.
The OnSIP App (browser, desktop, and mobile apps) fully supports encrypted communication using SIP over WebSocket Secure (RFC 7118) in conjunction with DTLS-SRTP.
For phones registered via TLS to edge.sip.onsip.com, all calls to and from the device will be encrypted via SDES-SRTP. This option can be enabled for Polycom VVX phones via the admin portal. If you are enabling this feature for the first time, the phone should be rebooted to pick up the change.
For other devices/phones that do not support DTLS-SRTP or SDES-SRTP, or are not using encryption at all, OnSIP will still encrypt as much of the call as it can. OnSIP will use a media gateway to preserve the encrypted sessions from your device to the OnSIP network, which allows for complete interoperation with any SIP destination, including all OnSIP hosted applications (e.g. Attendant Menu, Business Hour Rules, etc.) and the PSTN (public switched telephone network, e.g. landlines and mobile phones). In those cases, the call will still be encrypted across the Internet between the device and the OnSIP network.
Note: Starting in April 2020, if your phone is set for TLS you *MUST* use SRTP. If your phone does not support SRTP, you must disable TLS in order for calls to work with OnSIP.
Technical Details
The table below outlines how OnSIP handles SDP offers in different scenarios. In some cases, OnSIP will pass through what the UAC (User Agent Client, the caller) offers. In other cases, OnSIP will transform what is offered to meet the known or expected needs of the UAS (User Agent Server, the callee). Similarly, when the UAC does not provide an SDP offer and the offer comes from the UAS instead, OnSIP will treat that offer differently depending on the signaling transport used by the UAC.
| UAC Offers | UDP/TCP/PSTN/App | TLS | WSS |
| --- | --- | --- | --- |
| UDP/TCP/PSTN/App | RTP/RTP | RTP/SRTP | RTP/DTLS |
| TLS | SRTP/RTP | SRTP/SRTP | SRTP/DTLS |
| WSS | DTLS/RTP | DTLS/SRTP | DTLS/DTLS |
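To check which of these modes a device actually offers, the SDP body of its INVITE can be classified per media section and tested against the TLS rule in the note above. This is an added example, not OnSIP code: the function names and sample SDP bodies are constructed for illustration, and treating DTLS-SRTP as satisfying the SRTP requirement is an assumption.

```python
# Constructed SDP offers (not captured traffic); key and fingerprint are dummies.
PLAIN = "v=0\nm=audio 49170 RTP/AVP 0\na=rtpmap:0 PCMU/8000\n"
SDES = ("v=0\nm=audio 49170 RTP/SAVP 0\n"
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:DUMMYKEYDUMMYKEYDUMMYKEYDUMMYKEYDUMMYKEY\n")
DTLS = ("v=0\na=fingerprint:sha-256 00:11:22:33\n"
        "m=audio 9 UDP/TLS/RTP/SAVPF 111\na=setup:actpass\n")

def classify_media(sdp):
    """Return [(media, mode)] per m= section: RTP, SRTP (SDES), DTLS or INVALID."""
    session_fp = False   # a=fingerprint before the first m= applies to all media
    sections = []
    for raw in sdp.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("m="):
            fields = line[2:].split()
            if len(fields) >= 3:   # m=<media> <port> <proto> <fmt...>
                sections.append({"media": fields[0], "proto": fields[2].upper(),
                                 "crypto": False, "fp": session_fp})
        elif low.startswith("a=fingerprint:"):
            if sections:
                sections[-1]["fp"] = True
            else:
                session_fp = True
        elif low.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True
    result = []
    for s in sections:
        secure = "SAVP" in s["proto"]   # RTP/SAVP, RTP/SAVPF, UDP/TLS/RTP/SAVP(F)
        if secure and s["fp"]:
            mode = "DTLS"
        elif secure and s["crypto"]:
            mode = "SRTP"
        elif secure:
            mode = "INVALID"   # secure profile with no keying attribute
        else:
            mode = "RTP"
        result.append((s["media"], mode))
    return result

def tls_violations(transport, sdp):
    """Media sections that break the rule that TLS signaling must use SRTP."""
    if transport.upper() != "TLS":
        return []
    return [(m, mode) for m, mode in classify_media(sdp) if mode in ("RTP", "INVALID")]
```

A non-empty result from `tls_violations("TLS", offer)` identifies a phone that is registered over TLS but still offering unencrypted media.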
Updated September 2020