SRTP media encryption

Last Updated: Sep 21, 2016

Secure Real Time Protocol (SRTP) is a media encryption standard that provides encryption of RTP media streams for SIP and 9600-series IP telephones. SRTP is defined in RFC 3711.

The following SRTP features are supported by Communication Manager Release 4.0 and later:

  • Encryption of RTP. Encryption is optional, but recommended.

  • Authentication of RTCP streams. Authentication of RTCP streams is mandatory.

  • Authentication of RTP streams. Authentication of RTP streams is optional, but recommended.

  • Protection against replay.

The following SRTP features are not supported by Communication Manager:

  • Several automatic rekeying schemes

  • Other options within SRTP that are not expected to be used for VoIP, such as key derivation rates or MKIs

Previous releases of Communication Manager supported AEA and AES media encryption for H.323 calls; however, no media encryption was available for SIP calls. Starting with Release 4.0, SRTP provides encryption and authentication of RTP streams for SIP. SRTP also provides authentication of RTP and RTCP for SIP and H.323 calls using the 9600-series telephones.

SRTP encryption of FAX and modem relay and T.38 is not supported. FAX and modem relay and T.38 are not transmitted in RTP. Therefore, where an SRTP voice call changes to a fax relay, fax is not encrypted.

SRTP is available only if:

  • Media Encryption is enabled in the license file.

  • Media Encryption is activated by IP codec set administration in the same manner as for other encryption algorithms.

In Communication Manager Release 7.0 and later, you can use the Encrypted SRTCP feature to provide enhanced security for the media control streams associated with the RTP media stream.

Note:

The RTP and RTCP streams use two consecutive UDP ports. The RTCP control stream conveys usage data. An example of usage data is the identification of the two parties on a given call.
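To confirm from a packet capture whether Encrypted SRTCP is in effect, the following added example (not part of the original Avaya documentation) reads the E flag that RFC 3711 places in front of the SRTCP index and, when the packet is authenticated but not encrypted, lists the SDES CNAME values an observer could read. It assumes the RFC 3711 default 80-bit authentication tag, no MKI, and that party identification travels in the SDES CNAME item; the sample packet is constructed.

```python
import struct

SRTCP_TAG_LEN = 10  # assumption: 80-bit HMAC-SHA1 tag (RFC 3711 default for SRTCP)
MKI_LEN = 0         # assumption: no MKI field in the trailer

def srtcp_trailer(packet, tag_len=SRTCP_TAG_LEN, mki_len=MKI_LEN):
    """Return (encrypted, srtcp_index, body_end) from the E||index word."""
    end = len(packet) - tag_len - mki_len - 4
    if end < 8 or packet[0] >> 6 != 2:
        raise ValueError("not an SRTCP packet under the assumed trailer layout")
    (word,) = struct.unpack("!I", packet[end:end + 4])
    return bool(word >> 31), word & 0x7FFFFFFF, end

def cleartext_cnames(packet):
    """List SDES CNAME strings readable on the wire; empty when E=1."""
    encrypted, _index, end = srtcp_trailer(packet)
    found, off = [], 0
    while not encrypted and off + 4 <= end:      # walk the compound RTCP packet
        first, ptype, length = struct.unpack("!BBH", packet[off:off + 4])
        nxt = off + 4 * (length + 1)
        limit, pos = min(nxt, end), off + 4
        for _ in range(first & 0x1F if ptype == 202 else 0):   # 202 = SDES
            pos += 4                             # skip the chunk's SSRC
            while pos + 1 < limit and packet[pos] != 0:
                kind, size = packet[pos], packet[pos + 1]
                if kind == 1:                    # item type 1 = CNAME
                    text = packet[pos + 2:pos + 2 + size]
                    found.append(text.decode("utf-8", "replace"))
                pos += 2 + size
            pos = (pos // 4 + 1) * 4             # null terminator plus padding
        off = nxt
    return found

def build_sample(encrypted):
    """Constructed packet: RR + SDES(CNAME), E||index word, dummy 10-byte tag."""
    cname = b"alice@192.0.2.10"                  # constructed identity
    rr = struct.pack("!BBHI", 0x80, 201, 1, 0x11223344)
    item = bytes([1, len(cname)]) + cname + b"\x00\x00"
    body = rr + struct.pack("!BBHI", 0x81, 202, 6, 0x11223344) + item
    if encrypted:  # stand-in for ciphertext: only the first 8 bytes stay readable
        body = body[:8] + bytes(b ^ 0xA5 for b in body[8:])
    word = (int(encrypted) << 31) | 7            # E flag plus SRTCP index 7
    return body + struct.pack("!I", word) + b"\x00" * SRTCP_TAG_LEN

if __name__ == "__main__":
    for enc in (False, True):
        pkt = build_sample(enc)
        print(srtcp_trailer(pkt)[:2], cleartext_cnames(pkt))
```

If the trailer in a real capture does not parse sensibly, check the negotiated tag length and MKI settings before drawing conclusions from the E flag.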

Also, in Communication Manager Release 7.0 and later, the AES encryption option now includes AES-256. AES-256 applies to voice media streams and video media streams for the IP network region that governs the ip-codec-set.