September 10, 2021
Article : 067175
This article describes the Secure Voice Transport encryption and how to configure Secure Voice Transport on 3rd party desk phones in Rainbow Office.
What is a secure voice transport?
Secure voice transport adds transport layer encryption to both signaling and media for supported endpoints. This encryption is implemented using SIP over TLS and SRTP.
Transport Layer Security (TLS) is a cryptographic protocol that provides encryption on the SIP signaling data. TLS secures the SIP signaling communication between the devices and Rainbow Office’s cloud.
Secure Real-time Transport Protocol (SRTP) is a profile of the Real-time Transport Protocol (RTP). SRTP provides encryption to the RTP media packet stream that is transported between the devices and Rainbow Office’s cloud.
Please note that Secure Voice Transport provides encryption of in-transit traffic to Rainbow Office’s cloud and is not end-to-end encryption.
How to configure secure voice transport on 3rd Party BYODs
To configure your device to connect to the Rainbow Office VoIP service with secure voice transport, you will need to set up with the following information.
1. Devices must support TLS 1.2 (TLS 1.0 and TLS 1.1 devices will not be supported)
2. Devices must support Secure Real-Time Transport Protocol (SRTP) Offer and Answer in the Session Description Protocol (SDP)
To connect your device with Rainbow Office services, set up your device following the steps below. Configuration for each device may vary, please check with your device’s manufacturer for specific instructions.
1. Setup & Provision the 3rd Party desk phone device as an “Existing Phone” in the online account and then configure the device to the SIP Domain with port 5060 and the Outbound Proxy with port 5096. Use the most appropriate Outbound Proxy domain according to the location of your device.
2. Set the device’s Transport Protocol to use TLS.
3. Enable the device’s SRTP (Secure Real-Time Transport Protocol) Offer and Answer.
4. Reboot the device. If the device registers and is able to place/receive calls then you’re done!
1. If the device is unable to register using TLS, then on some devices you may need to upload a certificate chain to the device. This is only required if your device needs to validate the certificate. After loading the certificate chain then reboot the device
• Intermediate Certificate
• Root Certificate
NOTE: The process for adding a certificate chain varies from device to device. Please check with your device’s manufacturer for specific instructions.
2. If the device registers but can’t place/receive calls then please check with your device’s manufacturer for troubleshooting. Some older devices do not support Secure Real-Time Transport Protocol (SRTP) Offer and Answer in the Session Description Protocol (SDP) and will not work as an encrypted device.