Follow

Encryption Policy

January 2019

 

Q: Does OnSIP support encrypted communication?

A: Yes.

The OnSIP App (browser, desktop and mobile apps) completely supports encrypted communication using SIP over WebSocket Secure (RFC 7118) in conjunction with DTLS-SRTP. 

For other devices/phones that do not support DTLS or are not using encryption at all, OnSIP will still encrypt as much of the call as it can.  OnSIP will use a gateway to preserve the encrypted sessions from the OnSIP APP to your device, which allows for complete interoperation with any SIP destination including all OnSIP hosted applications (e.g. Attendant Menu, Business Hour Rules, etc.) and the PSTN (public switched telephone network e.g. land lines and mobile phones).  In those cases, the call will still be encrypted across the Internet between the OnSIP App and the OnSIP network.

Q: Does OnSIP support encrypted communication using SRTP?

A: Yes.

If both ends support SRTP, OnSIP will pass thru SRTP between user agents (phones).

However, OnSIP hosted applications (i.e. Attendant Menu, Business Hour Rules, etc.) and calls to/from the PSTN do not support SRTP. Thus SRTP cannot be used for communication with OnSIP hosted applications or the PSTN.  (Note: To configure SRTP for Polycom phones see here.)  If you configure SRTP it is only available between phones that support SRTP but that call will be encrypted end to end.

In Short

In short, you can have encrypted calls between phones (desk phones or softphones) that both support SRTP or from OnSIP App to OnSIP App (which uses DTLS encryption), but you cannot make encrypted calls between SRTP encrypted calls and the OnSIP App.  Even in those cases OnSIP will still encrypt the call from the OnSIP app across the Internet.

Technical Details

The table below outlines how OnSIP handles SDP offers in different scenarios. In some cases OnSIP will pass-thru what the UAC (User Agent Client - the caller) offers. In other cases OnSIP will transform what it offered to meet the known or expected needs of the UAS (User Agent Server - the callee). Similarly, OnSIP will treat offers from the UAS (which occurs when the UAC does not provide an SDP offer) to a UAC differently depending on the signaling transport used by the UAC.

 

UAC Offers

UAS OnSIP Registered WS/WSS

UAS OnSIP Registered UDP/TCP/TLS

UAS Off Network

UAS OnSIP Application

RTP

DTLS-SRTP

RTP

RTP

RTP

SRTP

DTLS-SRTP

SRTP

SRTP

Unsupported

DTLS-SRTP

DTLS-SRTP

RTP

RTP

RTP

Other

Unsupported

Unsupported

Unsupported

Unsupported

         

UAS Offers

UAC Signalling WS/WSS

UAC SIgnalling UDP/TCP

   

RTP

DTLS-SRTP

RTP

   

SRTP

DTLS-SRTP

SRTP

   

DTLS-SRTP

DTLS-SRTP

RTP

   

Other

Unsupported

Unsupported

   
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk