Secure SIP (SIPS) Requirements

When connecting to your phone system, Fonolo offers the option of using Secure SIP (SIPS) over port TCP/5061. Although not needed or required in most cases, this connectivity option offers an extra layer of security, and can be configured for customers connecting to Fonolo using the Cloud-Based SIP integration option.

The Fonolo service will utilize secure SIP that provides encryption on data in transit, utilizing TLS with AES-256 encryption (supporting the ciphers listed below).

It will require a valid certificate signed by a known certificate authority publisher; self signed certificates will be rejected.

An optional IPSec VPN is available as an add-on to the service – for more details, see Connecting via an IPSec VPN.

Secure SIP Supported Configurations

When setting up a Secure SIP connection, Fonolo supports the following configuration options that must match what your phone system and hardware devices are capable of.

Fonolo Secure SIP:

  • Supports TLS v1.1 and TLS v1.2. SSL v2, SSL v3, and TLS v1.0 are all disabled by default.
  • Is limited to the following ciphers:
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-CHACHA20-POLY1305
    • ECDHE-RSA-CHACHA20-POLY1305
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES128-GCM-SHA256
    • ECDHE-ECDSA-AES256-SHA384
    • ECDHE-RSA-AES256-SHA384
    • ECDHE-ECDSA-AES128-SHA256
    • ECDHE-RSA-AES128-SHA256
    • AES128-SHA256
    • AES256-SHA256

Related Articles

Fonolo’s Status Page
Check to see the status of Fonolo's core services. Any incidents that may occur will be reported here.
Check Status