We would like to enable both TLS and SRTP on all of our phone calls. I've configured everything server-side for both to work, and they both work if I configure them manually on either a deskphone or a 3CXPhone. TLS has not been a problem: install the certificate beforehand via Group Policy, check the "Enable Secure SIP (TLS)" checkbox in Management Console, send new provisioning file to user and double-click it, and TLS is working. SRTP seems like it should be the same, but I've run into something that makes no sense to me, so I wonder if it's a bug. I create a brand-new extension, nothing configured special. Open the extension in Management Console. Click the "Enable Secure SIP (TLS)" checkbox and click Apply. By comparing versions of the files, I can tell that in the 3CXPhone provisioning file it changes PBXSipPort from 5060 to 5061 and it sets SIPTransport from 0 to 2. That makes sense. Next, I click the "Switch on Secure RTP (SRTP)" checkbox and click Apply. However, the 3CXPhone provisioning file does not change at all: the Date Modified changes, so the system did something with it, but comparing the the "after" version of the file with the "before" version shows no difference. All 3CX has to do with the provisioning file is change RTPTransport from blank to "2"; I know that because if I edit the provisioning file manually that works. So why doesn't clicking the checkbox do this? Especially compared to the TLS setting it really seems like it should. I thought of making a script that would go through the provisioning folder and change every occurrence of <RTPTransport /> to <RTPTransport>2<RTPTransport/> regularly, but the Management Console re-creates the provisioning file just before emailing it every time I click "Send Welcome Email", so even a script like that won't allow me to configure clients for SRTP from the Management Console via the welcome email process. I can only do it by going to each computer and clicking through the settings on the softphone to select the option. This doesn't seem right. Am I missing something?