When connecting to your phone system, Fonolo offers the option of using Secure SIP (SIPS) over port TCP/5061. Although not needed or required in most cases, this connectivity option offers an extra layer of security, and can be configured for customers connecting to Fonolo using the Cloud-Based SIP integration option.
The Fonolo service will utilize secure SIP that provides encryption on data in transit, utilizing TLS with AES-256 encryption (supporting the ciphers listed below).
It will require a valid certificate signed by a known certificate authority publisher; self signed certificates will be rejected.
An optional IPSec VPN is available as an add-on to the service – for more details, see Connecting via an IPSec VPN.
Secure SIP Supported Configurations
When setting up a Secure SIP connection, Fonolo supports the following configuration options that must match what your phone system and hardware devices are capable of.
Fonolo Secure SIP:
- Supports TLS v1.1 and TLS v1.2.
- SSL v2, SSL v3, and TLS v1.0 are all disabled by default.
- Is limited to the following ciphers:
-
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- AES128-SHA256
- AES256-SHA256