Skip to main content

TLS & SRTP

Posted by mattdarnell on Thu, 05/30/2019

Anyone tried to use TLS & SRTP with version 9 of MTE with a Let's Encrypt cert?

Can you do it for only some tenants?


Submitted by netriplex on Fri, 05/31/2019 Permalink

I do not know about it working with a Lets Encrypt certificate, however, when we were using Thirdlane, we had it configured even more granular. We could select TLS on a per extension basis. The big issue we had and reported to Thirdlane numerous times and I don't know if it was ever fixed is that when an extension switched to use Connect, Thirdlane would not save the settings needed for the TLS connection to work when switching back to the desk phone.

For us anyway, using TLS which runs over TCP solved some issues related to customers home cable modems and home routers and the like blocking SIP traffic. Easier to do this than to tell a customer they needed to buy a new router to use our service. this didn't work 100% of the time FYI, but it did help enough.

Depending on the phone model and if you were using the provisioning system or not, we did have to customize a lot of the phone templates. We essentially added options to the phone templates to use TLS and/or SRTP. The downside is that once you do this, you can no longer update the templates that Thirdlane pushes or it will overwrite your customized templates. This wasn't an issue for us as we preferred our templates to the very inflexible Thirdlane ones anyway.

An alternative way could be to create NEW phone "models" with TLS/SRTP enabled that way the base templates can still be updated by Thirdlane without affecting your customizations. For example create a Polycom VVX400/410-Secure template to go along side the base Polycom VVX400/410.