VoIP: SIP-over-TLS and sRTP

as of April 2019. Some like Lancom call this feature ‘Voice over Secure IP’ (VoSIP). Some like innovaphone call it ‘SIP Secure’ (SIPS).

The idea was to test sRTP (with SIP-over-TLS at 192 bit) over IPv6 (with DSCP EF). Additionally for SIP, Session Timers, Compact Form, SHA-2 Digest, and DNS-NAPTR were enabled on the server. Below is the configuration of each phone. That should enable you to add that phone to your own VoIP/SIP provider like Digium Asterisk, DUStel, or Easybell Germany. In March 2019, Easybell added the server secure.sip.easybell.de which encrypts always. That was not tested by me, yet. Instead, I used the optional encryption server, which is still available at sip.easybell.de. IPv6 got its own sub-page …

Client for Mobile Phone (Softphone)

  1. Acrobits Groundwire
  2. Antisip
  3. Belledonne Linphone
  4. BroTecs Skylar
  5. CounterPath Bria Mobile
  6. (not available anymore) Media5-fone Pro
  7. (not available anymore) Mocana KeyTone Pro
  8. PortSIP Softphone
  9. Securax Zoiper
  10. Softil BEEHD
  11. (not available anymore) Voipswitch Join
  12. Xnet ALL IP Home

Client for Computer (Softphone)

  1. Blink
  2. (in progress) Jami
  3. Jitsi Desktop

Many of the softphones, like Bria and Linphone, are not only available for Apple iOS or Google Android but also for computer systems like Debian/Ubuntu and Microsoft Windows.

Back-to-Back User Agent (B2BUA)

  1. CommuniGate Pro
  2. Digium Asterisk:
  3. SignalWire FreeSWITCH

Internet-Access Device (iAD)

Some network operators call those Customer-Premises Equipment (CPE) which is the broader term for such DSL modems.

  1. AVM
  2. bintec elmeg
  3. DrayTek
  4. LANCOM Systems
  5. Zyxel Sphairon (removed TLS for generic accounts)

Desk Phone

  1. Akuvox
  2. ALE
  3. Ascom
  4. Atcom
  5. AudioCodes
  6. Auerswald
  7. Avantec
  8. Avaya
  9. Cisco Sipura
  10. Digium
  11. Ericsson-LG iPECS
  12. Escene
  13. Fanvil
  14. Flyingvoice
  15. Gigaset
  16. Grandstream
  17. Htek
  18. Huawei
  19. innovaphone
  20. (not tested, yet) Intelbras IP TIP 125
  21. Mitel:
  22. (not tested, yet) NEC
  23. Panasonic
  24. Polycom:
  25. RTX
  26. Samsung
  27. Snom
  28. Spectralink
  29. Ubiquiti (not tested, removed in favour of UniFi Talk)
  30. Unify
  31. VTech
  32. Yealink

All manufacturers above faced at least one security issue. Many of them had fixed the issue(s) when publicly presented in March 2019. Manufacturers in red failed in April 2020 = twelve months later, to fix their remaining security issues. Manufacturers in blue failed in October 2019 = six months later, to fix their remaining security issues. The following manufacturers are/seem to be out of business: CEM Solutions (brand: ALLO CIP-100), Moimstone (brand Apivio), and Tecom (brand Mocet). Technicolor (former Thomson) used sRTP in the past but I am not aware of any current implementation, which offers sRTP. If you know more VoIP/SIP manufacturers with sRTP for voice and HTTPs for their Web interface, please, notify me!