RTP Security Negotiation

Parameter group

VoIP DTEA and DTNA Media

Access level

Admin

Possible values

Unsecured
Secure
Both

Defaults

Unsecured

Explanation

Secure RTP provides confidentiality and message authentication to RTP data. It can be used to prevent people from listening to or tampering with the audio data sent over a unsecure network like the internet. In Blueworx Voice Response, there are three possible RTP security configuration settings:

Unsecured
The default. Blueworx Voice Response does not accept secure RTP for inbound or offer secure RTP for outbound calls. Inbound calls that only offer secure RTP will be rejected with a 488 Not Accepted Here response.
Secure
Blueworx Voice Response only uses secure RTP. Inbound calls not capable of secure RTP are rejected with a 488 Not Accepted Here response, and outbound calls made by Blueworx Voice Response will only offer secure RTP.
Both
For inbound calls Blueworx Voice Response accepts secure RTP if offered, but will also accept calls if only RTP is offered. In the case of both secure RTP and RTP being offered, secure RTP will be used. For outbound calls, both secure RTP and RTP will be offered.

Partial support is provided for optional crypto session parameters (RFC 4568 section 6.3). This support is enabled when Secure RTP has been configured for either Secure or Both.

The following session parameters are fully supported:
  • UNENCRYPTED_SRTP
  • UNENCRYPTED_SRTCP
  • UNAUTHENTICATED_SRTP

All other session parameters are parsed, but are not supported. Any crypto lines containing the unsupported parameters are ignored, and treated as unsuitable matches. If there are no other suitable matches (which can be either unsecure RTP/AVP, or crypto attributes with supported session parameters) the SDP is rejected. This will result in a SIP response of 488 Not Acceptable Here.

Session parameters will never be presented on outbound SIP requests/responses. This includes outbound INVITE (make call or on hold requests) and responses to OPTIONS.

For more information, see Secure RTP.