Not applicable to SBC SWe Edge.
To create or modify an entry in a DTLS-SRTP Profile Table:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Media > DTLS-SRTP Profiles.
- Click the Create DTLS-SRTP Profile icon.
- Enter the field configurations. See DTLS-SRTP Profile Table Entry - Field Definitions.
- Click OK.
DTLS-SRTP Profile Table Entry - Field Definitions
For detailed DTLS-SRTP configuration as part of Microsoft Direct Routing between the SBC Edge and Microsoft Teams, refer to Best Practice - Configuring SBC Edge for Microsoft Teams Direct Routing.
Description
Descriptive name of DTLS-SRTP profile. Default entry: Blank.
DTLS Version
Defines the common DTLS protocol versions the SBC supports. By default, the system accepts all DTLS protocol versions up to DTLS version 1.2. The SBC client initiates the highest supported version, up to and including DTLS version 1.2.
Valid entries: DTLS 1.0 and DTLS 1.2.
How to Use:
Up. Moves the selected entry up in priority.
Down. Moves the selected entry down in priority.
Add/Edit. Adds/edits entries.
Remove. Removes the selected entry from the list.
This field presents a multi-select widget when the Add/Edit button is clicked.
Click here for more information about using the Multi-select widget.
Mutual Authentication
DTLS Handshake Timer
Hash Type
Hash Type selects the hash function used to generate the fingerprint of the SBC X.509 certificate, which is included in the SIP offer message. The fingerprint binds the DTLS key exchange in the media plane to the signaling plane.
Valid options:
DTLS_MEDIA_CRYPTO_HASH_SHA1
DTLS_MEDIA_CRYPTO_HASH_SHA224
DTLS_MEDIA_CRYPTO_HASH_SHA256
DTLS_MEDIA_CRYPTO_HASH_SHA384
DTLS_MEDIA_CRYPTO_HASH_SHA512
DTLS_MEDIA_CRYPTO_HASH_MD5
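The binding described under Hash Type can be checked as follows. This is an added example, not code from the SBC or its vendor: it builds the SDP `a=fingerprint` attribute from a certificate's DER bytes and compares a signalled fingerprint with the certificate seen in the DTLS handshake. Assumptions: the RFC 8122 hash names correspond to the Hash Type options above, the certificate bytes are constructed stand-ins, and rejecting MD5 and SHA-1 is a local policy choice.

```python
import hashlib
import hmac

# RFC 8122 a=fingerprint hash names mapped to hashlib algorithm names.
SDP_HASHES = {"md5": "md5", "sha-1": "sha1", "sha-224": "sha224",
              "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}
WEAK = {"md5", "sha-1"}  # collision-prone; rejecting them is an assumed policy


def make_fingerprint(cert_der: bytes, sdp_hash: str) -> str:
    """Build the a=fingerprint attribute for a DER-encoded certificate."""
    digest = hashlib.new(SDP_HASHES[sdp_hash], cert_der).hexdigest().upper()
    pairs = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return f"a=fingerprint:{sdp_hash} {pairs}"


def check_fingerprint(sdp: str, peer_cert_der: bytes, allow_weak=False) -> str:
    """Compare the signalled fingerprint with the certificate from the handshake.

    Returns "ok", "mismatch", "weak-hash" or "missing".
    """
    for line in sdp.splitlines():
        if not line.lower().startswith("a=fingerprint:"):
            continue
        name, _, value = line.split(":", 1)[1].strip().partition(" ")
        name = name.lower()
        if name not in SDP_HASHES:
            return "mismatch"  # unknown hash function: cannot verify
        if name in WEAK and not allow_weak:
            return "weak-hash"
        try:
            expected = bytes.fromhex(value.replace(":", ""))
        except ValueError:
            return "mismatch"  # malformed hex in the attribute
        actual = hashlib.new(SDP_HASHES[name], peer_cert_der).digest()
        # Constant-time comparison of the two digests.
        return "ok" if hmac.compare_digest(expected, actual) else "mismatch"
    return "missing"


# Constructed stand-ins for DER certificate bytes (not real certificates).
SBC_CERT = b"constructed-sbc-certificate-der"
OTHER_CERT = b"constructed-substituted-certificate-der"
# Constructed SDP offer carrying the fingerprint of SBC_CERT.
OFFER = ("v=0\r\nm=audio 16384 UDP/TLS/RTP/SAVP 0\r\n"
         + make_fingerprint(SBC_CERT, "sha-256") + "\r\na=setup:actpass\r\n")

if __name__ == "__main__":
    print(check_fingerprint(OFFER, SBC_CERT), check_fingerprint(OFFER, OTHER_CERT))
```

A "mismatch" result means the certificate presented in the media plane is not the one announced in signaling, so the media session should not be keyed from that handshake.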
DTLS Role when Answerer
Configures the DTLS Role when Answerer.
Valid options:
- Active: The endpoint will initiate an outgoing DTLS connection.
- Passive: The endpoint will accept an incoming DTLS connection.
Default value: Active.
Client Cipher List
Specifies the cipher suite IDs, in order of preference, offered during security parameter negotiation with the peer; this list contains the cryptographic options supported by the client.
Valid options:
TLS_RSA_WITH_AES128_CBC_SHA
TLS_RSA_WITH_AES256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA3
Cookie Exchange
Crypto Suite Sequence
Specifies the comma-separated crypto suite IDs (in order of preference) to negotiate the crypto used for encryption and decryption of media.
Available options:
AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
How to Use:
Up. Moves the selected entry up in priority.
Down. Moves the selected entry down in priority.
Add/Edit. Adds/edits entries.
Remove. Removes the selected entry from the list.
This field presents a multi-select widget when the Add/Edit button is clicked.
Click here for more information about using the Multi-select widget.
Key Identifier Length
Specifies the length of the Master Key Identifier, in bytes, sent in the SRTP packet.
The Master Key Identifier (MKI) identifies the master key from which the session key(s) were derived that authenticate and/or encrypt the particular packet.
If the MKI indicator is set to one (key identifier length > 0), the length (in octets) of the MKI field and (for the sender) the actual value of the currently active MKI (the value of the MKI indicator and length) MUST be kept fixed for the lifetime of the context.
To disable the MKI in the SDP, configure this value to 0.