Secure connection with media encryption (SRTP)

Secure connection with media encryption (SRTP)

In this article, you will learn how to encrypt communication, so that no one will be able to eavesdrop on conversations between extensions on Asterisk.

We will not describe how to generate certificates as this has already been explained in previous articles:


Interestingly, even if your SIP communication is encrypted, unencrypted RTP traffic can still be intercepted. Secure connections are made possible by media encryption (SRTP)

Table of Contents

1) Prerequisites

SRTP support is provided by libsrtplibsrtp must be installed on your computer before compiling Asterisk, otherwise you will see the following error:

ERROR[10167]: chan_sip.c:27987 setup_srtp: No SRTP module loaded, can't setup SRTP session.

If necessary, recompile Asterisk with libsrtp selected.

2) SRTP media encryption

 2.1) SIP channels

To enable encryption for SIP extensions, add encryption=yes to individual extensions or globally in the [general] section.


 2.2) PJSIP channels

To enable encryption for PJSIP extensions, add media_encryption to the individual extensions.

This variable can have one of the following values:

  • no – res_pjsip will offer no encryption and allow no encryption to be setup (default option)
  • sdes – res_pjsip will offer standard SRTP setup via in-SDP keys (encrypted SIP transport should be used in conjunction with this option to prevent exposure of media encryption keys)
  • dtls – res_pjsip will offer DTLS-SRTP setup

Additionally, you can use the media_encryption_optimistic variable to not enforce encryption, but to treat it as an option for phones that support it.


As a result, not only SIP communication will be encrypted but also RTP media.

Do you have questions or you need an offer?

Contact us!

Most popular

Related Posts

We Will Launch Soon


Monitoring & Reporting of Your VoIP Server