TLS v1.2 or higher on Asterisk

biniyam1985 · December 12, 2018, 7:57am

Can we implemenet tls v1.2 or higher on asterisk for srtp

david551 · December 12, 2018, 9:44am

SRTP uses a stream cipher directly. There is no TLS. TLS would be used on the corresponding SIP session. I’m not sure if Asterisk supports encryption on H.323.

malcolmd · December 12, 2018, 3:10pm

For SRTP, you get [1]:

AES_CM_128_HMAC_SHA1_80
AES_CM_128_HMAC_SHA1_32
AES_CM_192_HMAC_SHA1_80
AES_CM_192_HMAC_SHA1_32
AES_CM_256_HMAC_SHA1_80
AES_CM_256_HMAC_SHA1_32
AES_GCM_128
AES_GCM_256
AES_GCM_128_8
AES_GCM_256_8

and for SIP signaling [2], you get, via the method parameter on the transport, one of the following:

tlsv1
tlsv1_1
tlsv1_2
sslv2
sslv3
sslv23

[1] - https://github.com/asterisk/asterisk/blob/b701c8b8a0b84df5acab020a8b0f68c0096b7d11/res/res_srtp.c#L267
[2] - https://wiki.asterisk.org/wiki/display/AST/Asterisk+16+Configuration_res_pjsip