Secure SIP using TLS (SIPS)
It's crucial that you implement the TLS-over-TCP protocol to secure the device's SIP signaling connections. TLS provides encryption and authentication of SIP signaling for your VoIP traffic, preventing tampering of calls. Use it whenever possible for far-end users and ITSPs.
The device's TLS feature supports the following:
| ■ | TLS: TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 |
| ■ | DTLS: DTLS 1.0 and DTLS 1.2 |
| ■ | Cipher: TLS cipher suites for server and client roles (per OpenSSL syntax) |
| ■ | Authentication: X.509 certificates |
| ■ | Certificate revocation checking: OCSP (CRLs are currently not supported) |
| ■ | Receipt of wildcards ('*') in X.509 Certificates when establishing TLS connections. These wildcards can be part of the CN attribute of the Common Name field or the DNSName attribute of the Subject Alternative Name field. |
Recommended security guidelines for ensuring TLS for SIP signaling are described in the subsequent subsections.