The use of SRTP is controlled by settings in both pjsua_config and pjsua_acc_config. The settings in pjsua_config specify the default settings for all accounts, and the settings in pjsua_acc_config can be used to further set the behavior for that specific account.

In both pjsua_config and pjsua_acc_config, there are two configuration items to control:

'''use_srtp'''::
This option controls whether secure media transport (SRTP) should be used for this account. Valid values are:
- PJMEDIA_SRTP_DISABLED (0): SRTP is disabled, and incoming calls with RTP/SAVP transport will be rejected.
- PJMEDIA_SRTP_OPTIONAL (1): SRTP will be advertised and will be used if the remote supports it, but the call may fall back to unsecured media.
- PJMEDIA_SRTP_MANDATORY (2): secure media is mandatory, and the call can only proceed if secure media can be established.
The default value for this option is PJSUA_DEFAULT_USE_SRTP, which is zero (disabled).

'''srtp_secure_signaling'''::
This option controls whether SRTP requires secure signaling to be used. This option is only used when the {{{use_srtp}}} option above is non-zero. Valid values are:
- 0: SRTP does not require secure signaling
- 1: SRTP requires secure transport such as TLS
- 2: SRTP requires secure end-to-end transport (SIPS)
The default value for this option is PJSUA_DEFAULT_SRTP_SECURE_SIGNALING, which is 1 (require TLS transport).

=== pjsua ===

A new option '''--use-srtp''' is added; valid values are 0, 1, or 2. This corresponds to the {{{use_srtp}}} setting above.

Sample usage:
{{{
$ ./pjsua --use-tls --use-srtp=1
}}}

Note: we need to enable TLS since by default SRTP requires secure signaling to be used (see the ''srtp_secure_signaling'' setting above). If you want to use SRTP with non-secure transport (which is not recommended except for testing purposes!), you can modify the ''srtp_secure_signaling'' setting in the pjsua application.
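
The following is an added example, not code from pjsua or PJSIP: a small C check that audits a pjsua command line against the {{{use_srtp}}} and ''srtp_secure_signaling'' semantics described above. The function name and finding bits are this example's own; only {{{--use-tls}}} and {{{--use-srtp}}} are taken from this page, and the application's ''srtp_secure_signaling'' value is passed in as a parameter.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Finding bits (names are this example's own, not PJSIP identifiers). */
enum {
    F_MEDIA_CLEARTEXT = 1 << 0, /* use_srtp=0: media is never encrypted        */
    F_DOWNGRADE_OK    = 1 << 1, /* use_srtp=1: call may fall back to plain RTP */
    F_SIGNALING_OPEN  = 1 << 2, /* SRTP on, but srtp_secure_signaling=0        */
    F_TLS_NOT_ENABLED = 1 << 3, /* secure signaling required, no --use-tls     */
    F_BAD_VALUE       = 1 << 4  /* --use-srtp value is not 0, 1 or 2           */
};

/* Audit a pjsua argument list. secure_signaling is the application's
 * srtp_secure_signaling value (documented default: 1). */
unsigned audit_pjsua_args(int argc, const char *const *argv, int secure_signaling)
{
    int use_srtp = 0, use_tls = 0, i;   /* use_srtp defaults to 0 (disabled) */
    unsigned findings = 0;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--use-tls") == 0) {
            use_tls = 1;
        } else if (strncmp(argv[i], "--use-srtp=", 11) == 0) {
            const char *val = argv[i] + 11;
            char *end;
            long v = strtol(val, &end, 10);
            if (end == val || *end != '\0' || v < 0 || v > 2)
                return F_BAD_VALUE;
            use_srtp = (int)v;
        }
    }
    if (use_srtp == 0)
        return F_MEDIA_CLEARTEXT;   /* srtp_secure_signaling is not consulted */
    if (use_srtp == 1)
        findings |= F_DOWNGRADE_OK;
    if (secure_signaling == 0)
        findings |= F_SIGNALING_OPEN;
    else if (!use_tls)
        findings |= F_TLS_NOT_ENABLED;
    return findings;
}

int main(void)
{
    /* Constructed command lines modelled on the sample usage above. */
    const char *const ok[]  = { "./pjsua", "--use-tls", "--use-srtp=2" };
    const char *const bad[] = { "./pjsua", "--use-srtp=1" };
    printf("ok=0x%x bad=0x%x\n", audit_pjsua_args(3, ok, 1), audit_pjsua_args(2, bad, 1));
    return 0;
}
```

A result of zero means mandatory SRTP with the TLS transport enabled; the check cannot tell from the arguments alone whether a value of 2 (SIPS) is actually satisfied.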

The SRTP transport may also be used directly without having to involve SDP negotiations. However, you will need to have a different mechanism to exchange keys between endpoints.

To use SRTP transport directly:
- Call pjmedia_transport_srtp_create() to create the SRTP adapter, giving it the actual media transport instance (such as UDP transport).
- Call pjmedia_transport_srtp_start() to activate the SRTP session, giving it both local and remote crypto settings and keys.
- Call pjmedia_transport_attach() to configure the remote RTP/RTCP addresses and attach your RTP and RTCP callbacks.
- Call pjmedia_transport_send_rtp() and pjmedia_transport_send_rtcp() to send RTP/RTCP packets.
- Once you are done with your session, call pjmedia_transport_close() to destroy the SRTP adapter (and optionally the actual transport which is attached to the SRTP adapter, depending on whether the ''close_member_tp'' flag is set in the options when creating the SRTP adapter).