Jump to content

How to check if TLS is actually used on SIP trunks?


Recommended Posts


I have some SIP trunks to SIP/Voip providers: Skype and a Swiss provider (Winet.ch) .

I'm trying figure out how to achieve only TLS encrypted traffic on these connections.

I find it tricky as I can't force TLS (neither service responds to port 5061 ), but DNS SRV records seem to be used.

Is there a "best practice" way to make sure that only TLS is used?



Link to comment
Share on other sites

In the old days we had actually a setting on the trunk that had the PBX assume that they are secure (e.g. PSTN gateways that are sitting just next to the PBX) and we tried to promote the end-to-end encryption. Nobody cared. Honestly I don't know if the end-to-end encryption is still enforced. Anyway the phones would have to request it by using a sips Request-URI if I remember correctly.

Link to comment
Share on other sites

The old snom phone models had a way to send sips Request-URI. Not sure if other devices or soft phones can do that today; but this is (IMHO) the way to tell the PBX that this call should be encrypted. 

The other thing that you can try is ZRTP end-to-end encryption. The PBX also supports that. But then both endpoints need to support this; for SIP trunks this will be very difficult.

The VoIP security market is hard to understand. Lots of bla bla about VoIP security. We have tried a few things, even made our own firmware with ZRTP with elliptic curves for snom phone hardware; but the feedback was simple that there is no market for this at least from our perspective. The only thing that seems to sell are UDP-based SIP trunks. If you want to get all the traffic to a certain country, all you need to do is offer the lowest rates and users happily route all calls through your network, everything in plain RTP.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...