media-security > dtls-srtp-profile
The dtls-srtp-profile element allows you to use DTLS-SRTP to secure media and the signaling used to establish DTLS-SRTP flows. You apply a configured dtls-srtp-profile profile to a realm.
Parameters
- name
- Enter a unique identifier for this DTLS SRTP profile. Use this name when you apply the profile to realms.
- tls-profile
- Enter the name of the tls-profile you want to apply to traffic under this dtls-srtp-profile.
- dtls-completion-timeout
- Specify the number of seconds the system waits for a DLTS
handshake to finish before terminating the session.
- Range: 0 (default) to 9999
- preferred-setup-role
- Specify the role the system takes within the client-server
context of the DTLS handshake.
- Default: passive—The system acts as the server.
- crypto-suite
- Specifies the cryptography suite the system proposes during the DTLS handshake
for encrypting media and authentication.
- Default: SRTP_AES128_CM_HMAC_SHA1_80
- Values:
- SRTP_AES128_CM_HMAC_SHA1_80—Enables support for the AES/128 bit key for encryption and HMAC/SHA-1 80-bit digest for authentication.
- SRTP_AES128_CM_HMAC_SHA1_32—Enables support for the AES/128 bit key for encryption and HMAC/SHA-1 32-bit digest for authentication.
- SRTP_AEAD_256_GCM
Path
dtls-srtp-profile is an element under the security path. The full path from the topmost ACLI prompt is: configure terminal > security > media-security > dtls-srtp-profile.
Note:
This is a multiple instance configuration element.