Does anyone know if it is possible that there is no performance (CPU, network traffic) difference between RTP and SRTP (or ZRTP)?
RFC 3711 says: “None of the pre-defined encryption transforms uses any padding; for these, the RTP and SRTP payload sizes match exactly.”
Which, probably because I haven’t read or attempted to understand it, surprises me.
I would still expect a measurable difference in CPU.
How do you confirm you’re actually using SRTP? Wireshark? Can Wireshark play the RTP?
Does this yield any clues:
Ah OK thanks
At first I only measured by reading htop; there were very irregular values, but a difference between RTP and SRTP.
And now I measure with the command “top | grep asterisk”. Maybe I’m making the mistake here.
I use the “Blink” softphone. Here you can see through the “door lock” symbol that it is encrypted. In Wireshark I see that instead of RTP there is only UDP and only encrypted. However, I am no longer sure whether I only encrypt using the softphone or really need the certificates. I still have to find out exactly.
Or do I have to consider other processes as well?
If you do just a single call, you should not see much, if any, difference. If you are concerned about performance with several calls, make sure your libSRTP was compiled with OpenSSL support. Then libSRTP leverages the AES-NI of modern processors. For example, the Debian package of libSRTP is not OpenSSL-enhanced.
By the way, if you are using Blink from AG Projects, you need to have two padlock icons, one for SIP-over-TLS and one for SDES-sRTP. The tooltip of the icon(s) states which you have. And when it comes to SIP-over-TLS, the underlying library of Blink faces a bug…
That TLS certificate is only required if you want SIP-over-TLS. However, because SDES-sRTP transmits the key in clear text over SIP, you have to encrypt SIP to make sure nobody else sees your SDES-sRTP key.
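The point in the last reply, that SDES carries the SRTP key inside the SIP/SDP signalling, can be checked on a captured SIP message. The following is an added example, not code from any poster or from the Asterisk, Blink or libSRTP projects: it flags an `a=crypto` offer sent over an unencrypted SIP transport and reports the authentication tag that SRTP appends to each packet. The sample INVITE, its addresses and the dummy key are constructed; the tag lengths are those of the RFC 4568 crypto suites.

```python
import base64
import re

# Authentication tag lengths (bytes) of the SDES crypto suites in RFC 4568.
AUTH_TAG_BYTES = {
    "AES_CM_128_HMAC_SHA1_80": 10,
    "AES_CM_128_HMAC_SHA1_32": 4,
    "F8_128_HMAC_SHA1_80": 10,
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)", re.M)
VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/(\w+)", re.M | re.I)
ENCRYPTED_TRANSPORTS = {"TLS", "WSS"}


def audit_sip_message(raw: str) -> dict:
    """Report SDES key exposure and SRTP per-packet overhead for one SIP message."""
    via = VIA_RE.search(raw)  # topmost Via = hop the message was captured on
    transport = via.group(1).upper() if via else "UNKNOWN"
    offers = [
        {
            "suite": suite,
            "key_salt_bytes": len(base64.b64decode(key)),
            "auth_tag_bytes": AUTH_TAG_BYTES.get(suite),  # None if unknown suite
        }
        for _tag, suite, key in CRYPTO_RE.findall(raw)
    ]
    return {
        "transport": transport,
        "offers": offers,
        # The inline key is readable by anyone on path unless SIP is encrypted.
        "key_exposed": bool(offers) and transport not in ENCRYPTED_TRANSPORTS,
    }


# Constructed sample: INVITE over UDP offering SDES-SRTP (key is a dummy value).
DUMMY_KEY = base64.b64encode(bytes(range(30))).decode()  # 16-byte key + 14-byte salt
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.test SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "m=audio 49170 RTP/SAVP 0",
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{DUMMY_KEY}",
    "",
])

if __name__ == "__main__":
    print(audit_sip_message(SAMPLE_INVITE))
```

The check only inspects the hop where the message was captured; a call can be TLS on one leg and plain UDP on the next, so run it against captures from each leg.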