Scenario
The
supports encryption across the access and core networks.- Refer to the background information in Basic Service Availability - DNS.
- The supports various encryption protocols such as TLS, IPsec and SRTP.
- Since the peers are trusted in the core network, encryption protocols may not be necessary on this side.
Description
Caption |
---|
0 | Figure |
---|
1 | Encryption support |
---|
|
Image Modified |
- IADs may use secure paths, such as TLS, IPsec and SRTP for encryption.
- The performs scaling as each end point requires a separate connection/tunnel. With support for encryption protocols, the transmits the message to the core network.
DTLS Encryption
The following cipher suites are supported for DTLS encryption:
rsa-with-3des-ede-cbc-sha
rsa-with-aes-128-cbc-sha
rsa-with-aes-128-cbc-sha-256
rsa-with-aes-256-cbc-sha
rsa-with-aes-256-cbc-sha-256
rsa-with-null-sha
tls_ecdh_ecdsa_with_aes_256_cbc_sha384
tls_ecdh_ecdsa_with_aes_256_gcm_sha384
tls_ecdhe_rsa_with_aes_128_cbc_sha
tls_ecdhe_rsa_with_aes_256_cbc_sha384
SRTP Encryption
The crypto suite profile is supported with the following values for SRTP encryption:
AES-CM-128-HMAC-SHA1-32
AES-CM-128-HMAC-SHA1-80