Follow

Encryption Policy

 Q: Does OnSIP support encrypted communication?

A: Yes.

The OnSIP App (browser, desktop and mobile apps) completely supports encrypted communication using SIP over WebSocket Secure (RFC 7118) in conjunction with DTLS-SRTP.

For other devices/phones that do not support DTLS or are not using encryption at all, OnSIP will still encrypt as much of the call as it can. OnSIP will use a gateway to preserve the encrypted sessions from the OnSIP APP to your device, which allows for complete interoperation with any SIP destination including all OnSIP hosted applications (e.g. Attendant Menu, Business Hour Rules, etc.) and the PSTN (public switched telephone network e.g. land lines and mobile phones). In those cases, the call will still be encrypted across the Internet between the OnSIP App and the OnSIP network.

Q: Does OnSIP support encrypted communication using SRTP?

A: Yes. 

For any user agent registered via TLS, all calls to or from that device will be done with SRTP.

For other devices/phones that do not support SRTP or are not using encryption at all, OnSIP will still encrypt as much of the call as it can. OnSIP will use a gateway to preserve the encrypted sessions from a TLS/SRTP device, which allows for complete interoperation with any SIP destination including all OnSIP hosted applications (e.g. Attendant Menu, Business Hour Rules, etc.) and the PSTN (public switched telephone network e.g. land lines and mobile phones). In those cases, the call will still be encrypted across the Internet between the OnSIP App and the OnSIP network.

Note: Starting in April 2020, if your phone is set for TLS you *MUST* use SRTP. If your phone does not support SRTP, you must disable TLS in order for calls to work with OnSIP.

Technical Details

The table below outlines how OnSIP handles SDP offers in different scenarios. In some cases OnSIP will pass-thru what the UAC (User Agent Client - the caller) offers. In other cases OnSIP will transform what it offered to meet the known or expected needs of the UAS (User Agent Server - the callee). Similarly, OnSIP will treat offers from the UAS (which occurs when the UAC does not provide an SDP offer) to a UAC differently depending on the signaling transport used by the UAC.

 

UAC Offers

UDP/TCP/PSTN/App

TLS

WSS

UDP/TCP/PSTN/App

RTP/RTP

RTP/SRTP

RTP/DTLS

TLS

SRTP/RTP

SRTP/SRTP

SRTP/DTLS

WSS

DTLS/RTP

DTLS/SRTP

DTLS/DTLS

 

Updated March 2020

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments