When connecting to your phone system, Fonolo only supports using Secure SIP (e.g., Transport=TLS) over port TCP/5061. This connectivity option offers an extra layer of security and must be configured for customers connecting to Fonolo using the Cloud-Based SIP integration option.
The Fonolo service will utilize secure SIP that provides encryption on data in transit, utilizing TLS with AES-256 encryption (supporting the ciphers listed below).
It will require a valid certificate signed by a known certificate authority publisher; self-signed certificates will be rejected.
An optional IPSec VPN is available as an add-on to the service – for more details, see Connecting via an IPSec VPN.
Secure SIP Supported Configurations
When setting up a Secure SIP connection, Fonolo supports the following configuration options that must match what your phone system and hardware devices are capable of.
Fonolo Secure SIP:
- Supports TLS v1.2
- SSL v2, SSL v3, and TLS v1.0 & TLS v1.1 are all disabled by default.
- Is limited to the following ciphers:
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256