Version 6.4 571 March 2012
SIP User's Manual A. Configuration Parameters Reference
A.4.3 SRTP Parameters
The Secure Real-Time Transport Protocol (SRTP) parameters are described in the table
below.
Table A-21: SRTP Parameters
Parameter Description
Web: Media Security
EMS: Enable Media Security
[EnableMediaSecurity]
Enables Secure Real-Time Transport Protocol (SRTP).
[0] Disable = SRTP is disabled (default).
[1] Enable = SRTP is enabled.
Note: For this parameter to take effect, a device reset is required.
Web/EMS: Media Security
Behavior
[MediaSecurityBehaviour]
Determines the device's mode of operation when SRTP is used (i.e.,
when the parameter EnableMediaSecurity is set to 1).
[0] Preferable = The device initiates encrypted calls. However, if
negotiation of the cipher suite fails, an unencrypted call is
established. Incoming calls that don't include encryption
information are accepted. (default)
[1] Mandatory = The device initiates encrypted calls, but if
negotiation of the cipher suite fails, the call is terminated. Incoming
calls that don't include encryption information are rejected.
[2] Disable = The IP Profile for which this parameter is set does not
support encrypted calls (i.e., SRTP).
[3] Preferable - Single Media = The device sends SDP with a
single media ('m=') line only (e.g., m=audio 6000 RTP/AVP 4 0 70
96) with RTP/AVP and crypto keys. The remote UA can respond
with SRTP or RTP parameters:
If the remote SIP UA does not support SRTP, it uses RTP and
ignores the crypto lines.
In the opposite direction, if the device receives an SDP offer
with a single media (as shown above), it responds with SRTP
(RTP/SAVP) if the EnableMediaSecurity parameter is set to 1.
If SRTP is not supported (i.e., EnableMediaSecurity is set to
0), it responds with RTP.
Notes:
Before configuring this parameter, set the EnableMediaSecurity
parameter to 1.
If this parameter is set to Preferable [3] and two 'm=' lines are
received in the SDP offer, the device prefers the SAVP (secure
audio video profile) regardless of the order in the SDP.
Option [2] Disable is applicable only to IP Profiles.
This parameter can also be configured per IP Profile, using the
IPProfile parameter (see 'Configuring IP Profiles' on page 219).
Web: Master Key Identifier
(MKI) Size
EMS: Packet MKI Size
[SRTPTxPacketMKISize]
Defines the size (in bytes) of the Master Key Identifier (MKI) in SRTP
Tx packets.
The range is 0 to 4. The default value is 0.
[EnableSymmetricMKI]
Enables symmetric MKI negotiation.
[0] = Disabled (default) - the device includes the MKI in its 200 OK
response according to the SRTPTxPacketMKISize parameter (if
set to 0, then it is not included; if set to any other value, it is
included with this value).
To Next Page
Loading...
