This feature lets rtpproxy act as an srtp endpoint, allowing it to encrypt outgoing rtp streams and decrypt incoming media streams. This should increase overall security of media proxying.
Management
- DTLS encryption is available starting from Sippy 2023 version.
- Enabling/disabling of encryption is performed per-connection by setting "DTLS.local" as "Outbound Proxy" and force Media Relay to be always enabled.
This way the call with non-encrypted RTP would be received from the Caller, then encryption of media would be agreed with Vendor that has Outbound Proxy = DTLS.local configured on Connection. As a result the media between Caller and Sippy would be sent without encryption (RTP) but between Sippy and Vendor with encryption (SRTP).
Example of the setup of Vendor-Connection:
Example of the setup for Linphone registered on Vendor’s side to receive the calls with encryption:
Troubleshooting:
Media encryption could be seen as indication on UA, or via tcpdump in SDP:
