[SoLost]

How does the SRTP key negotiation work? I have read somewhere that SRTP is different from ZRTP in that it requires of key management... which I don't understand, and I wonder if for a SRTP negotiation to be safe, public keys should have been shared before establishing the SRTP connection.

Setting up a 3CXPhone5 RTP mode to "only srtp", makes it crash if the other party has "normal" RTP, but works fine if both parties has "only srtp" mode. In the later case, is the key negotiation safe against a man in the middle attack or we need to use something like Zfone?

Sorry if I am too newbie. All this is new stuff for me, and I would really appreciate some info on this.
Thanks

[SoLost]

Here are two links that answer my question:

http://www.voipsa.org/pipermail/voipsec ... 00656.html

http://www.mail-archive.com/users@lists ... 07116.html


Since most likely the SRTP key negotiation/exchange method is SDES, tls for connecting to the Sip provider's servers (in my case iptel.org) is needed in order to avoid srtp key leakage.

Since, my first question has been solved, I think I will be creating another thread with these two questions:
- How to connect to iptel.org using tls (how to create the certificate)
- Will 3CXPhone support ZRTP (which avoids the hassle of tls connections with the sip provider)

[Vali_3CX]

Setting up a 3CXPhone5 RTP mode to "only srtp", makes it crash if the other party has "normal" RTP

Hi
We checked for this issue and it happen also in 3CXPhone ver 6. It will be fixed in the next release.
Thanks for spotting it!
Regards
vali

P.S until then, a trick to avoid this crash is to open 3CXPhone's (the one configured to use only srtp) Preferences dialog and there uncheck the "Allow video calls", then click OK.