https://community.sinch.com/t5/Elastic-SIP-Trunking/How-do-I-use-encryption-with-Elastic-SIP-Trunking/ta-p/16691 <DIV class="lia-message-template-content-zone"> <P>All Sinch Elastic SIP Trunks support TLS and SRTP natively. For more information on TLS/SRTP encryption and the benefits of using it, please read more <A href="https://sinch.com/glossary/tlssrtp/" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P>To make encrypted calls with TLS simply send calls to your SIP Trunk FQDN on port 5061.&nbsp; &nbsp;This port can only be used for TLS, and non-TLS calls will fail. &nbsp;SRTP must be used when making a TLS call.</P> <P>&nbsp;</P> <P>To ensure we send calls to your infrastructure using TLS go into your SIP Endpoint on your SIP Trunk and change the transport protocol to “TLS”.&nbsp; Note, that the port on your SIP endpoint will update automatically to port 5061.&nbsp; In the event your infrastructure is listening for TLS connections on a non-standard port simply change the port manually to the correct value.</P> <P>&nbsp;</P> <span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="est tls.png" style="width: 999px;"><img src="https://community.sinch.com/t5/image/serverpage/image-id/5541i6D1A40DD6596D884/image-size/large?v=v2&amp;px=999" role="button" title="est tls.png" alt="est tls.png" /></span> <P>&nbsp;</P> <P>Congratulations, your Sinch Elastic SIP Trunk is now configured to use encryption!&nbsp; It’s that easy.</P> <P>&nbsp;</P> <H3>Let's Encrypt Certificates</H3> <P>&nbsp;</P> <P>Sinch Elastic SIP Trunking uses TLS certificates secured by Let’s Encrypt.&nbsp; If your TLS SIP Infrastructure does not already trust certificates from this Certificate Authority you can download the Let’s Encrypt Root Certificate and associate Intermediate certificates here: <A href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fletsencrypt.org%2Fcertificates%2F&amp;data=05%7C02%7CAlex.Sberna%40sinch.com%7Cc42dd4b7ec6240fb8a5808dcf82e39cf%7C3b518aae89214a7b8497619d756ce20e%7C0%7C0%7C638658124711395957%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&amp;sdata=hk%2F5YSKSpDw6fe7sIUsCsESl6kIkpZVVuRPS8v4gg0Y%3D&amp;reserved=0" target="_blank" rel="noopener">https://letsencrypt.org/certificates/</A></P> <P>&nbsp;</P> <H3>Cypher Suite Support</H3> <P>&nbsp;</P> <P>Sinch trusts all well-known Certificate Authorities. &nbsp;This ensures we will not have any trust issues when your infrastructure presents its certificate on inbound calls.</P> <P>&nbsp;</P> <P>For negotiation Sinch supports the following Cypher Suites for both TLS and SRTP.</P> <P>&nbsp;</P> <P><STRONG><U>TLSv1.2</U></STRONG></P> <P>&nbsp;</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CCM</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CCM</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</P> <P>&nbsp;</P> <P><U><STRONG>TLSv1.3</STRONG> </U></P> <P>&nbsp;</P> <P>TLS_AES_256_GCM_SHA384</P> <P>TLS_CHACHA20_POLY1305_SHA256</P> <P>TLS_AES_128_GCM_SHA256</P> </DIV> Tue, 29 Oct 2024 17:52:48 GMT Alex_Sberna 2024-10-29T17:52:48Z https://community.sinch.com/t5/Elastic-SIP-Trunking/How-do-I-use-encryption-with-Elastic-SIP-Trunking/ta-p/16691 <DIV class="lia-message-template-content-zone"> <P>All Sinch Elastic SIP Trunks support TLS and SRTP natively. For more information on TLS/SRTP encryption and the benefits of using it, please read more <A href="https://sinch.com/glossary/tlssrtp/" target="_blank" rel="noopener">here</A>.</P> <P>&nbsp;</P> <P>To make encrypted calls with TLS simply send calls to your SIP Trunk FQDN on port 5061.&nbsp; &nbsp;This port can only be used for TLS, and non-TLS calls will fail. &nbsp;SRTP must be used when making a TLS call.</P> <P>&nbsp;</P> <P>To ensure we send calls to your infrastructure using TLS go into your SIP Endpoint on your SIP Trunk and change the transport protocol to “TLS”.&nbsp; Note, that the port on your SIP endpoint will update automatically to port 5061.&nbsp; In the event your infrastructure is listening for TLS connections on a non-standard port simply change the port manually to the correct value.</P> <P>&nbsp;</P> <span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="est tls.png" style="width: 999px;"><img src="https://community.sinch.com/t5/image/serverpage/image-id/5541i6D1A40DD6596D884/image-size/large?v=v2&amp;px=999" role="button" title="est tls.png" alt="est tls.png" /></span> <P>&nbsp;</P> <P>Congratulations, your Sinch Elastic SIP Trunk is now configured to use encryption!&nbsp; It’s that easy.</P> <P>&nbsp;</P> <H3>Let's Encrypt Certificates</H3> <P>&nbsp;</P> <P>Sinch Elastic SIP Trunking uses TLS certificates secured by Let’s Encrypt.&nbsp; If your TLS SIP Infrastructure does not already trust certificates from this Certificate Authority you can download the Let’s Encrypt Root Certificate and associate Intermediate certificates here: <A href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fletsencrypt.org%2Fcertificates%2F&amp;data=05%7C02%7CAlex.Sberna%40sinch.com%7Cc42dd4b7ec6240fb8a5808dcf82e39cf%7C3b518aae89214a7b8497619d756ce20e%7C0%7C0%7C638658124711395957%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&amp;sdata=hk%2F5YSKSpDw6fe7sIUsCsESl6kIkpZVVuRPS8v4gg0Y%3D&amp;reserved=0" target="_blank" rel="noopener">https://letsencrypt.org/certificates/</A></P> <P>&nbsp;</P> <H3>Cypher Suite Support</H3> <P>&nbsp;</P> <P>Sinch trusts all well-known Certificate Authorities. &nbsp;This ensures we will not have any trust issues when your infrastructure presents its certificate on inbound calls.</P> <P>&nbsp;</P> <P>For negotiation Sinch supports the following Cypher Suites for both TLS and SRTP.</P> <P>&nbsp;</P> <P><STRONG><U>TLSv1.2</U></STRONG></P> <P>&nbsp;</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CCM</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</P> <P>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CCM</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</P> <P>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</P> <P>&nbsp;</P> <P><U><STRONG>TLSv1.3</STRONG> </U></P> <P>&nbsp;</P> <P>TLS_AES_256_GCM_SHA384</P> <P>TLS_CHACHA20_POLY1305_SHA256</P> <P>TLS_AES_128_GCM_SHA256</P> </DIV> Tue, 29 Oct 2024 17:52:48 GMT https://community.sinch.com/t5/Elastic-SIP-Trunking/How-do-I-use-encryption-with-Elastic-SIP-Trunking/ta-p/16691 Alex_Sberna 2024-10-29T17:52:48Z