Secure SIP (SIPS) Requirements

When connecting to your phone system, Fonolo offers the option of using Secure SIP (SIPS) over port TCP/5061. Although not needed or required in most cases, this connectivity option offers an extra layer of security, and can be configured for customers connecting to Fonolo using the Cloud-Based SIP integration option.

Alternatively, Fonolo also offers the ability to connect over an IPSec VPN, which provides complete “end-to-end” security. For more details, see Connecting via an IPSec VPN.

Secure SIP Supported Configurations

When setting up a Secure SIP connection, Fonolo supports the following configuration options that must match what your phone system and hardware devices are capable of.

Fonolo secure SIP:

  • Support TLS v1.1 and TLS v1.2. SSL v2, SSL v3, and TLS v1.0 are all disabled by default.
  • Is limited to the following ciphers:
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-CHACHA20-POLY1305
    • ECDHE-RSA-CHACHA20-POLY1305
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES128-GCM-SHA256
    • ECDHE-ECDSA-AES256-SHA384
    • ECDHE-RSA-AES256-SHA384
    • ECDHE-ECDSA-AES128-SHA256
    • ECDHE-RSA-AES128-SHA256
    • AES128-SHA256
    • AES256-SHA256

Related Articles