Encryption methodologies

This page describes the encryption methods that are used for Pexip Infinity. It covers:

Pexip nodes

All communication links between the Management Node and Conferencing Nodes, and between Conferencing Nodes, use an IPsec transport with the following settings:

  • 256-bit AES-GCM for encryption
  • a 4096 bit Diffie-Hellman modulus for key exchange.

No other ciphers, hashes or moduli are permitted.

These settings apply to both the initial channel set up for key exchange (ISAKMP) and the secondary channel over which application data is transported (ESP).

Inter-node traffic is restricted to only protocols that are expected for the successful operation of Pexip Infinity, including but not necessarily limited to call signaling, media, status, and configuration information; any unexpected traffic/protocols are dropped.


Encrypted connections between Pexip Infinity and endpoints use:

Connect apps (web/desktop/mobile) use:

  • HTTPS TLS for signaling
  • DTLS-SRTP for WebRTC media


The logs and snapshots uploaded to PexPortal use the following settings:

  • 256-bit AES-GCM for encryption

  • Salt parameter for additional security
  • The encryption key is derived from 128-bit character password