Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

SRTP key negotiation, safe out of the box?

Discussion in 'Windows' started by SoLost, May 16, 2011.

Thread Status:
Not open for further replies.
  1. SoLost

    Joined:
    May 13, 2011
    Messages:
    4
    Likes Received:
    0
    How does the SRTP key negotiation work? I have read somewhere that SRTP is different from ZRTP in that it requires of key management... which I don't understand, and I wonder if for a SRTP negotiation to be safe, public keys should have been shared before establishing the SRTP connection.

    Setting up a 3CXPhone5 RTP mode to "only srtp", makes it crash if the other party has "normal" RTP, but works fine if both parties has "only srtp" mode. In the later case, is the key negotiation safe against a man in the middle attack or we need to use something like Zfone?

    Sorry if I am too newbie. All this is new stuff for me, and I would really appreciate some info on this.
    Thanks
     
  2. SoLost

    Joined:
    May 13, 2011
    Messages:
    4
    Likes Received:
    0
    Here are two links that answer my question:

    http://www.voipsa.org/pipermail/voipsec_voipsa.org/2005-August/000656.html

    http://www.mail-archive.com/users@lists.kamailio.org/msg07116.html


    Since most likely the SRTP key negotiation/exchange method is SDES, tls for connecting to the Sip provider's servers (in my case iptel.org) is needed in order to avoid srtp key leakage.

    Since, my first question has been solved, I think I will be creating another thread with these two questions:
    - How to connect to iptel.org using tls (how to create the certificate)
    - Will 3CXPhone support ZRTP (which avoids the hassle of tls connections with the sip provider)
     
  3. Vali_3CX

    Vali_3CX Well-Known Member
    Staff Member 3CX Support

    Joined:
    Dec 12, 2008
    Messages:
    1,527
    Likes Received:
    71
    Hi
    We checked for this issue and it happen also in 3CXPhone ver 6. It will be fixed in the next release.
    Thanks for spotting it!
    Regards
    vali

    P.S until then, a trick to avoid this crash is to open 3CXPhone's (the one configured to use only srtp) Preferences dialog and there uncheck the "Allow video calls", then click OK.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.