At Simwood we support both TLS and SRTP to enable fully secure calling from your platform to us.
TLS (Transport Layer Security) allows you to encrypt the signalling between your platform and ours to ensure signalling (such as INVITEs, 183s with valuable SDP etc) is kept private.
SDES (Session Description Protocol Security Descriptions) allows you to negotiate SRTP (Secure Real-time Transport Protocol) to secure the media (audio) from a call.
To configure these for outbound calls, send an INVITE to out.simwood.com:5061 (as per our SIP outbound interop) with both TLS and SDES enabled. The relevant cryptos will be negotiated during call setup to start the secure sessions.
To configure TLS and SDES for inbound calls:
On our portal, go to Inbound Numbers
Configure the desired number
Edit the SIP endpoint to have ;transport=tls at the end - for example %firstname.lastname@example.org:5061;transport=tls (NOTE: Many platforms will require a specific port)
SDES can be set to either Optional or Required (as desired) within the SIP endpoint.
NOTE: You can configure TLS without SDES/SRTP but you cannot set SDES/SRTP without TLS.
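SDES carries the SRTP master key inside the SDP body as an a=crypto attribute (RFC 4568), so the key is only as private as the signalling that carries it. The following is an added example, not Simwood's code: it audits one SIP message for its signalling transport, media profile and SDES suites. The sample INVITE, the host pbx.example.net, the user part "destination" and the function name audit_invite are constructed for illustration.

```python
import re

# Constructed sample INVITE (not a real capture); the inline key is a dummy value.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:destination@out.simwood.com:5061;transport=tls SIP/2.0",
    "Via: SIP/2.0/TLS pbx.example.net:5061;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 40000 RTP/SAVP 8 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
    "",
])

# a=crypto:<tag> <crypto-suite> inline:<key||salt and optional parameters>
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:(\S+)", re.M)

def audit_invite(message: str) -> dict:
    """Report signalling transport, media profile and SDES suites of one SIP message."""
    head, _, sdp = message.partition("\r\n\r\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    media = re.search(r"^m=audio \d+ (\S+)", sdp, re.M)
    profile = media.group(1) if media else None
    suites = [m.group(2) for m in CRYPTO_RE.finditer(sdp)]
    findings = []
    if suites and transport != "TLS":
        # The SRTP key travels in the SDP, so cleartext signalling exposes it.
        findings.append("SDES key sent over %s: readable on the wire" % transport)
    if profile == "RTP/SAVP" and not suites:
        findings.append("RTP/SAVP offered without an a=crypto line")
    if profile == "RTP/AVP" and not suites:
        findings.append("media is plain RTP (no SRTP offered)")
    return {"transport": transport, "profile": profile,
            "suites": suites, "findings": findings}

if __name__ == "__main__":
    print(audit_invite(SAMPLE_INVITE))
    # Same offer sent over UDP signalling: the key exposure is flagged.
    print(audit_invite(SAMPLE_INVITE.replace("SIP/2.0/TLS", "SIP/2.0/UDP")))
```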
Troubleshooting secure calls can be difficult as traditional packet-sniffing methods (such as using sngrep) won’t work unless you load the correct private key (intentionally of course - this is the whole point of TLS and SRTP!).
Many popular platforms support HEP, the Homer Encapsulation Protocol (currently in the process of being renamed to Extensible Encapsulation Protocol). This enables an application to send a second copy of each packet to a reporting platform (there are many, including SIP3 and Homer) that can parse the packet and let you view SIP traces on the platform.
Please be aware that we may struggle to diagnose issues on secure calls unless you are able to provide decrypted packet captures.
Although we do not recommend certificate pinning as we may make changes to our certificates during maintenance, please find a copy of the current public certificate for out.simwood.com attached.