Follow

Encryption Policy

 Q: Does OnSIP support encrypted communication?

A: Yes.

The OnSIP App (browser, desktop and mobile apps) completely supports encrypted communication using SIP over WebSocket Secure (RFC 7118) in conjunction with DTLS-SRTP.

For phones registered via TLS to edge.sip.onsip.com all calls to and from the device will be encrypted via SDES-SRTP. This option can be enabled for Polycom VVX phones via the admin portal.

For other devices/phones that do not support DTLS-SRTP or SDES-SRTP or are not using encryption at all, OnSIP will still encrypt as much of the call as it can. OnSIP will use a media gateway to preserve the encrypted sessions from your device to the OnSIP network, which allows for complete interoperation with any SIP destination including all OnSIP hosted applications (e.g. Attendant Menu, Business Hour Rules, etc.) and the PSTN (public switched telephone network e.g. land lines and mobile phones). In those cases, the call will still be encrypted across the Internet between the device and the OnSIP network.

Note: Starting in April 2020, if your phone is set for TLS you *MUST* use SRTP. If your phone does not support SRTP, you must disable TLS in order for calls to work with OnSIP.

Technical Details

The table below outlines how OnSIP handles SDP offers in different scenarios. In some cases OnSIP will pass-thru what the UAC (User Agent Client - the caller) offers. In other cases OnSIP will transform what it offered to meet the known or expected needs of the UAS (User Agent Server - the callee). Similarly, OnSIP will treat offers from the UAS (which occurs when the UAC does not provide an SDP offer) to a UAC differently depending on the signaling transport used by the UAC.

 

UAC Offers

UDP/TCP/PSTN/App

TLS

WSS

UDP/TCP/PSTN/App

RTP/RTP

RTP/SRTP

RTP/DTLS

TLS

SRTP/RTP

SRTP/SRTP

SRTP/DTLS

WSS

DTLS/RTP

DTLS/SRTP

DTLS/DTLS

 

Updated September 2020

Was this article helpful?
0 out of 0 found this helpful

Comments