On 09/04/2024 17.40, David Cunningham via sr-users wrote:
> How does rtpengine get the TLS certificates, and what crypto library
> does it use (openssl?).

SRTP itself doesn't use any certificates, and is not TLS. The underlying
cipher (AES) is provided by OpenSSL, while the SRTP implementation
itself is its own.

TLS and certificates are relevant when it comes to the key exchange.
With SDES, keys are exchanged in-line and nothing else is needed.

The other option is DTLS: Here a self-signed certificate is used
(generated at startup), and keys are exchanged using the DTLS
implementation provided by OpenSSL. The certificate's fingerprint is
exchanged in-line and that's how the peer's certificate is verified.
After the key exchange completes, the SRTP keys are extracted from the
handshake, DTLS is done, and the rest is just regular SRTP.

Cheers
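
The two key-exchange options described in the reply above, as an added example that is not part of the original post and is not rtpengine's code: it reads the in-line SDES key from an `a=crypto` line and checks a peer certificate against the `a=fingerprint` value signalled for DTLS. The SDP bodies, the placeholder certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Hash names used in the SDP fingerprint attribute (RFC 8122) mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def sdp_keying(sdp):
    """Return the keying material an SDP body carries in-line."""
    info = {"sdes_keys": [], "fingerprints": []}
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("a=crypto:"):
            # a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime|mki]
            _tag, suite, key_params = line[len("a=crypto:"):].split()[:3]
            b64 = key_params.split(":", 1)[1].split("|")[0]
            info["sdes_keys"].append((suite, base64.b64decode(b64)))
        elif line.startswith("a=fingerprint:"):
            # a=fingerprint:<hash-func> <colon-separated hex digest>
            func, hexval = line[len("a=fingerprint:"):].split()
            digest = bytes.fromhex(hexval.replace(":", ""))
            info["fingerprints"].append((func.lower(), digest))
    return info

def cert_matches(sdp, peer_cert_der):
    """True if the certificate seen in the DTLS handshake matches a signalled fingerprint."""
    for func, expected in sdp_keying(sdp)["fingerprints"]:
        if func in HASHES:
            actual = hashlib.new(HASHES[func], peer_cert_der).digest()
            if hmac.compare_digest(actual, expected):
                return True
    return False  # no fingerprint signalled, or none matched: reject the peer

# Constructed sample data: placeholder bytes stand in for a DER-encoded certificate.
CERT = b"constructed-der-certificate-bytes"
FP = ":".join(f"{b:02X}" for b in hashlib.sha256(CERT).digest())
KEY = base64.b64encode(bytes(range(30))).decode()  # 16-byte key + 14-byte salt
DTLS_SDP = f"m=audio 30000 UDP/TLS/RTP/SAVP 0\r\na=setup:actpass\r\na=fingerprint:sha-256 {FP}\r\n"
SDES_SDP = f"m=audio 30000 RTP/SAVP 0\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n"

if __name__ == "__main__":
    print("DTLS, signalled cert:", cert_matches(DTLS_SDP, CERT))
    print("DTLS, other cert:    ", cert_matches(DTLS_SDP, b"some-other-certificate"))
    print("SDES suite:          ", sdp_keying(SDES_SDP)["sdes_keys"][0][0])
```

Because the SDES key and the DTLS fingerprint both travel in the SDP, their protection depends on the signalling channel being protected.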