Question

Of the following encryption protocols, which one is supported by Asterisk?

  • RC4
  • RC2
  • DES
  • 3DES

Are there other encryption protocols supported by Asterisk?

Is there an Asterisk command to list the supported encryption protocols?


Solution

With regard to SIP, Asterisk (via chan_sip) supports encryption of both the signalling and the media. Arheops' comment that Asterisk 1.8 doesn't support encryption is incorrect; this is true in Asterisk 1.8 and all later versions. For more information, see the Secure Calling section on the Asterisk wiki.

Signalling is encrypted using OpenSSL (yes, the one with the vulnerability. Upgrade if you haven't). It defers encryption of the SIP signalling to OpenSSL. Which cipher is used is dependent on the version of OpenSSL you have installed, as well as what you configure in sip.conf, via the tlscipher option.

;tlscipher=<SSL cipher string>
;        A string specifying which SSL ciphers to use or not use
;        A list of valid SSL cipher strings can be found at:
;                http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
;

Asterisk supports encryption of the media in one of two ways. The first, supported in Asterisk 1.8 and later, is SDES-SRTP, via the libsrtp library. libsrtp uses AES as the default cipher.

As SDES-SRTP has to exchange keys in plain text in the signalling, another method of encrypting the media is available in Asterisk 11 and later, DTLS-SRTP. This uses OpenSSL's DTLS capabilities (available in more recent versions) to exchange the keys between the participants in the encrypted media stream. Note that this is the mechanism mandated by WebRTC (whereas SDES-SRTP got slapped down with a "SHOULD NOT" be implemented).

On a final note, in Asterisk 12, the new SIP stack (based on PJSIP) also supports all of these various encryption mechanisms.
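A check for the point above that the effective suites depend on both the tlscipher string and the installed OpenSSL, as an added example that is not part of the original answer. It expands a tlscipher value with the OpenSSL that Python's ssl module links against (which may differ from the build Asterisk uses) and flags RC4, RC2, DES and 3DES suites; the sip.conf sample, the helper names and the DEFAULT fallback are constructed for illustration.

```python
import re
import ssl

# Constructed sample, not a real deployment's sip.conf.
SAMPLE_SIP_CONF = """\
[general]
tlsenable=yes
;tlscipher=ALL
tlscipher=HIGH:!aNULL:!MD5:!RC4:!3DES
"""


def tlscipher_from_conf(text):
    """Return the first active tlscipher value; ';' starts a comment."""
    for line in text.splitlines():
        m = re.match(r"\s*tlscipher\s*=\s*([^;\s]+)", line)
        if m:
            return m.group(1)
    return None


def legacy_algorithm(name):
    """Map an OpenSSL suite name to RC4/RC2/DES/3DES, or None."""
    tokens = set(name.split("-"))
    if "CBC3" in tokens or "3DES" in tokens:  # DES-CBC3-SHA is 3DES
        return "3DES"
    for alg in ("RC4", "RC2", "DES"):
        if alg in tokens:
            return alg
    return None


def expand(cipher_string):
    """Expand a cipher string with the OpenSSL this Python links against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # no suite in this build matches the string
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def audit(conf_text):
    # "DEFAULT" is this example's fallback when no tlscipher line is active.
    suites = expand(tlscipher_from_conf(conf_text) or "DEFAULT")
    return [(n, legacy_algorithm(n)) for n, _ in suites if legacy_algorithm(n)]


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, audit(SAMPLE_SIP_CONF) or "no legacy suites")
```

Running it with the Python that shares the server's OpenSSL package gives the closest match to what Asterisk will negotiate for signalling.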

Licensed under: CC-BY-SA with attribution