When it comes to cloud security and protection of your data and communications, AVOXI safeguards your business from unexpected system failures, cybercrime, and natural disasters so you can focus on supporting your global audience and driving revenue. We’ve carefully architected our cloud-based infrastructure and global network of managed data centers to limit security concerns and shield your business from malicious activity.
To help ensure the highest level of security for calls, we give our users the ability to establish Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP) encryption. This feature can be configured at any time from your in-application SIP connection.
In this article we discuss what TLS/SRTP is, how it works, the certificates required, and an overview of how to configure your settings. Use the quick links below to skip ahead.
- Understanding TLS/SRTP?
- AVOXI Certificate Requirements
- MS Teams - SBC Requirements
- Configuring Guides
Understanding TLS/SRTP?
The Transport Layer Security (TLS) protocol is the top and most powerful layer responsible for securing SIP voice and media messages. This protocol uses cryptographic encryption to provide end-to-end security. TLS is best for encryption, authentication, data integrity, and secure SIP trunking in general.
The Secure Real-time Transport Protocol (SRTP) is a security framework that extends the Real-time Transport Protocol (RTP). It’s mainly intended to be used in VoIP communications to secure the actual media – the little 'packets' of data that run over the highway set up by the signaling.
TLS/SRTP with AVOXI
If configured, both TLS and SRTP are used to encrypt calls between you and AVOXI. TLS/SRTP can be used for both inbound and outbound voice services (Originating and Terminating). By default we use DTLS; however, SDES and RTP can be selected during the configuration process.
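One way to confirm which of the three media options named above (DTLS, SDES or RTP) a call actually negotiated is to inspect the SDP body of the SIP INVITE or 200 OK. This is an added example, not AVOXI code; the function name `classify_media`, the `signaling_tls` flag and the sample SDP bodies are assumptions constructed for illustration.

```python
# Added example; the SDP bodies are constructed samples (192.0.2.0/24 is a documentation range).
def classify_media(sdp, signaling_tls=True):
    """Return one finding per m= section: media type, keying method, warning."""
    session_attrs, sections, current = [], [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            # m=<media> <port> <proto> <fmt ...>; pad so a malformed line cannot raise
            parts = (line[2:].split() + ["", "", ""])[:3]
            current = {"media": parts[0], "proto": parts[2].upper(), "attrs": []}
            sections.append(current)
        elif line.startswith("a="):
            target = current["attrs"] if current else session_attrs
            target.append(line[2:].lower())
    findings = []
    for sec in sections:
        attrs = session_attrs + sec["attrs"]  # session-level attributes apply to every stream
        has_fingerprint = any(a.startswith("fingerprint:") for a in attrs)
        has_crypto = any(a.startswith("crypto:") for a in attrs)
        secure_profile = "SAVP" in sec["proto"]  # RTP/SAVP, UDP/TLS/RTP/SAVP(F)
        warning = None
        if secure_profile and has_fingerprint:
            keying = "DTLS-SRTP"  # key agreed in a DTLS handshake on the media path
        elif secure_profile and has_crypto:
            keying = "SDES-SRTP"  # key sent inline in the SDP itself
            if not signaling_tls:
                warning = "SDES key travels in the SDP and signaling is not TLS"
        else:
            keying = "RTP"  # conservative: anything else counts as clear media
            warning = "media is not encrypted"
        findings.append({"media": sec["media"], "keying": keying, "warning": warning})
    return findings

HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
DTLS_SDP = HEAD + "a=fingerprint:sha-256 00:11:22:33\nm=audio 40000 UDP/TLS/RTP/SAVP 0\na=setup:actpass\n"
SDES_SDP = HEAD + "m=audio 40000 RTP/SAVP 0\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_KEY\n"
RTP_SDP = HEAD + "m=audio 40000 RTP/AVP 0\n"

if __name__ == "__main__":
    for name, sdp in (("dtls", DTLS_SDP), ("sdes", SDES_SDP), ("rtp", RTP_SDP)):
        print(name, classify_media(sdp, signaling_tls=(name != "sdes")))
```

With SDES the SRTP key is only as private as the signaling that carries it, which is why the check takes the signaling transport into account.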
TLS/SRTP AVOXI Limitations
TLS/SRTP does not apply to calls sent to or from PSTN and is not available for emergency calls (i.e., 911). AVOXI does not provide ZRTP (composed of Z and Real-time Transport Protocol), a cryptographic key-agreement protocol that negotiates the encryption keys between two endpoints in a Voice over IP (VoIP) telephony call based on the Real-time Transport Protocol.
AVOXI Certificate Requirements
Transport Layer Security (TLS) certificates, also known as Secure Sockets Layer (SSL) certificates, work the same way as in HTTPS and are crucial for securing internet browser connections through data encryption. As with HTTPS, when a browser tries to connect using TLS, the secure web certificate is sent. As a customer, you can configure and manage TLS/SRTP within your AVOXI online portal. Certificates are used for authentication and encryption.
There is an SSL (TLS) certificate for trunk-production-us1.avoxi.com, used for calls coming from the user to the AVOXI Genius platform, and one for peer.avoxi.io, used for calls leaving AVOXI Genius. As an AVOXI Administrator, you are required to manually load the certificate during the configuration process to ensure the TLS connection is made (for example, sip.avoxi.com:5061).
Use the steps below to download the required certificate file from within your AVOXI online application.
- Navigate to the SIP Trunks section located on the left-hand navigation bar.
- Click on the SIP URIs tab.
- Select the three buttons located to the right of the "+Add" button.
- Click "Download SIP URI TLS Certificate".
Detailed Configuring Guides
- SIP Forwarding in AVOXI (Inbound Forwarding)
- SIP Trunking in AVOXI (Outbound Termination / Making Calls)