AudioCodes Mediant 4000 SBC User Manual page 431

CHAPTER 19    Coders and Profiles
Mediant 4000 SBC | User's Manual

Parameter / Description

[1] Enforce = Device changes the MKI length according to the settings of the IP Profile parameter, MKISize.

'SBC Media Security Method'
sbc-media-security-method
[IpProfile_SBCMediaSecurityMethod]

Defines the media security protocol for SRTP, for the SIP entity associated with the IP Profile.
  [0] SDES = (Default) The device secures RTP using the Session Description Protocol Security Descriptions (SDES) protocol to negotiate the cryptographic keys (RFC 4568). The keys are sent in the SDP body ('a=crypto') of the SIP message and are typically secured using SIP over TLS (SIPS). The encryption keys are in plain text in the SDP. SDES implements TLS over TCP.
  [1] DTLS = The device uses Datagram Transport Layer Security (DTLS) protocol to secure UDP-based media streams (RFCs 5763 and 5764). For more information on DTLS, see SRTP using DTLS Protocol.
  [2] Both = SDES and DTLS protocols are supported.
Note:
  - To support DTLS, you must also configure the following for the SIP entity:
      - TLS Context for DTLS (see Configuring TLS Certificate Contexts). The server cipher ('Cipher Server') must be configured to All.
      - IpProfile_SBCMediaSecurityBehaviourMedia configured to SRTP or Both.
      - IpProfile_SBCRTCPMux configured to Supported. The setting is required as the DTLS handshake is done for the port used for RTP. Therefore, RTCP and RTP should be multiplexed over the same port.
  - The device does not support forwarding of DTLS transparently between endpoints (SIP entities).
As DTLS has been defined by the WebRTC standard as mandatory for encrypting media channels for SRTP key exchange, the support is important for deployments implementing WebRTC. For more information on WebRTC, see WebRTC.

'Reset SRTP Upon Re-key'
reset-srtp-upon-re-key
[IpProfile_ResetSRTPStateUponRekey]

Enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon SIP session expiry. This feature ensures that the roll-over counter (ROC), one of the parameters used in the SRTP encryption/decryption process of the SRTP packets, is synchronized on both sides for transmit and receive packets.
  [0] Disable = (Default) ROC is not reset on the device side.
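
The following Python example is added here and is not taken from the AudioCodes manual. It audits an SDP body for the two keying methods described above: it parses RFC 4568 'a=crypto' lines (including the MKI length), detects DTLS by the 'a=fingerprint' attribute, and flags SDES keys carried over non-TLS signaling as well as DTLS offers that lack 'a=rtcp-mux'. The function name audit_sdp, the report fields and the sample SDP bodies are constructed for this example.

```python
import base64
import re

# RFC 4568: a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|MKI:length]
CRYPTO_RE = re.compile(
    r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)((?:\|[^\s|;]+)*)")

def audit_sdp(sdp, signaling_transport):
    """Report how an SDP body keys SRTP and what a reviewer should check."""
    lines = [ln.strip() for ln in sdp.splitlines()]
    sdes = []
    for ln in lines:
        m = CRYPTO_RE.match(ln)
        if not m:
            continue
        tag, suite, b64, extras = m.groups()
        entry = {"tag": int(tag), "suite": suite, "mki_len": 0,
                 "key_salt_len": len(base64.b64decode(b64))}
        for part in extras.split("|"):
            mki = re.fullmatch(r"\d+:(\d+)", part)  # <MKI value>:<MKI length>
            if mki:
                entry["mki_len"] = int(mki.group(1))
        sdes.append(entry)
    # A certificate fingerprint in the SDP signals DTLS-SRTP keying.
    dtls = any(ln.startswith("a=fingerprint:") for ln in lines)
    method = ("Both" if dtls and sdes else "DTLS" if dtls
              else "SDES" if sdes else "None")
    findings = []
    if sdes and signaling_transport.upper() != "TLS":
        findings.append("SDES key is readable in the SDP; signaling is not TLS")
    if dtls and "a=rtcp-mux" not in lines:
        findings.append("DTLS offered without a=rtcp-mux")
    return {"method": method, "sdes": sdes, "findings": findings}

# Constructed sample input: 30 dummy bytes stand in for the key||salt.
FAKE_KEY = base64.b64encode(bytes(range(30))).decode()
SDES_OFFER = f"""m=audio 6000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{FAKE_KEY}|2^31|1:4
"""
DTLS_OFFER = """m=audio 6000 UDP/TLS/RTP/SAVP 0
a=setup:actpass
a=fingerprint:sha-256 <constructed-placeholder>
"""

if __name__ == "__main__":
    print(audit_sdp(SDES_OFFER, "UDP"))
    print(audit_sdp(DTLS_OFFER, "TLS"))
```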
