Hi Richard and Alex,
Thank you very much for the information. In our Kamailio configuration the rtpengine_manage() lines have "SDES-off", so presumably then we are using DTLS?
Are either SDES or DTLS considered more secure or "better" in any way?
On Wed, 10 Apr 2024 at 10:32, Richard Fuchs via sr-users <sr-users@lists.kamailio.org> wrote:
On 09/04/2024 17.40, David Cunningham via sr-users wrote:
How does rtpengine get the TLS certificates, and what crypto library does it use (openssl?).
SRTP itself doesn't use any certificates, and is not TLS. The underlying cipher (AES) is provided by OpenSSL, while the SRTP implementation itself is its own.
TLS and certificates are relevant when it comes to the key exchange. With SDES, keys are exchanged in-line and nothing else is needed.
The other option is DTLS: Here a self-signed certificate is used (generated at startup), and keys are exchanged using the DTLS implementation provided by OpenSSL. The certificate's fingerprint is exchanged in-line and that's how the peer's certificate is verified. After the key exchange completes, the SRTP keys are extracted from the handshake, DTLS is done, and the rest is just regular SRTP.
Cheers
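An added example, not part of the original thread and not rtpengine's code: it shows how the two key exchanges described above appear in SDP (SDES carries the key in `a=crypto`, DTLS-SRTP carries only a certificate hash in `a=fingerprint`) and how a peer's handshake certificate is checked against that fingerprint. The function names `key_exchange` and `cert_matches` are hypothetical, and the SDP bodies, key and certificate bytes are constructed sample data.

```python
import hashlib
import hmac

# Hash names as written in a=fingerprint (RFC 8122) mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def key_exchange(sdp: str) -> dict:
    """Report which SRTP keying material an SDP body carries."""
    info = {"sdes_suites": [], "fingerprint": None}
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("a=crypto:"):
            # SDES (RFC 4568): a=crypto:<tag> <suite> inline:<base64 key||salt>
            parts = line[len("a=crypto:"):].split()
            if len(parts) >= 3 and parts[2].startswith("inline:"):
                info["sdes_suites"].append(parts[1])
        elif line.startswith("a=fingerprint:"):
            # DTLS-SRTP: a=fingerprint:<hash> <colon-separated hex of DER cert hash>
            algo, _, value = line[len("a=fingerprint:"):].partition(" ")
            info["fingerprint"] = (algo.lower(), value.strip().upper())
    return info

def cert_matches(sdp: str, peer_cert_der: bytes) -> bool:
    """True only if the handshake certificate hashes to the signalled fingerprint."""
    fp = key_exchange(sdp)["fingerprint"]
    if fp is None or fp[0] not in HASHES:
        return False  # nothing to verify against: fail closed
    digest = hashlib.new(HASHES[fp[0]], peer_cert_der).hexdigest().upper()
    computed = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return hmac.compare_digest(computed.encode(), fp[1].encode())

# Constructed sample data: placeholder bytes stand in for a DER certificate,
# and the SDES key is a constructed all-zero value of the right length.
CERT = b"constructed stand-in for the peer's DER-encoded certificate"
_hex = hashlib.sha256(CERT).hexdigest().upper()
FP = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))
DTLS_OFFER = ("m=audio 30000 UDP/TLS/RTP/SAVP 0\r\n"
              "a=setup:actpass\r\n"
              f"a=fingerprint:sha-256 {FP}\r\n")
SDES_OFFER = ("m=audio 30000 RTP/SAVP 0\r\n"
              "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40 + "\r\n")

if __name__ == "__main__":
    print(key_exchange(SDES_OFFER))
    print(cert_matches(DTLS_OFFER, CERT), cert_matches(DTLS_OFFER, CERT + b"x"))
```

In the SDES body the SRTP key itself travels in the signalling, so its confidentiality depends entirely on the SIP transport; in the DTLS body only the certificate hash does, and the check fails closed when no usable fingerprint is present.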