Encryption methodologies

Pexip nodes

All communication links between the Management Node and Conferencing Nodes, and between Conferencing Nodes, use an IPsec transport with the following settings:

  • 256-bit AES-CBC for encryption
  • SHA-512 hashing for integrity checking
  • a 4096-bit Diffie-Hellman modulus for key exchange.

No other ciphers, hashes or moduli are permitted.

These settings apply to both the initial channel set up for key exchange (ISAKMP) and the secondary channel over which application data is transported (ESP).
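The policy above can be expressed as an audit over IKE (ISAKMP) and ESP proposal lists. This is an added example, not Pexip code: the strongSwan-style token names (`aes256`, `sha512`, `modp4096`), the function names and the sample configurations are assumptions made for illustration, as is requiring a Diffie-Hellman group in the ESP proposal.

```python
# Added example: audit IPsec proposal strings against the stated policy
# (AES-256-CBC, SHA-512, 4096-bit DH modulus; nothing else permitted).
# Assumption: proposals use strongSwan-style "enc-integ-dhgroup" tokens;
# the page does not show Pexip's own configuration format.
POLICY = {
    "aes256": "encryption",      # 256-bit AES-CBC
    "sha512": "integrity",       # SHA-512
    "modp4096": "key exchange",  # 4096-bit MODP group
}

def audit_proposals(channel, proposals):
    """Return (channel, proposal, extras, missing) for each bad proposal."""
    findings = []
    for proposal in (p.strip() for p in proposals.split(",")):
        tokens = [t.lower() for t in proposal.split("-") if t]
        # Anything outside the policy is a violation, even if a compliant
        # proposal is also offered: a peer could negotiate the weaker one.
        extras = [t for t in tokens if t not in POLICY]
        covered = {POLICY[t] for t in tokens if t in POLICY}
        missing = sorted(set(POLICY.values()) - covered)
        if extras or missing:
            findings.append((channel, proposal, extras, missing))
    return findings

def audit_config(config):
    """Check both channels; the settings apply to ISAKMP and to ESP.
    Assumption: a DH group in the ESP proposal is treated as required."""
    findings = []
    for channel in ("ike", "esp"):
        if channel not in config:
            findings.append((channel, "", [], sorted(set(POLICY.values()))))
        else:
            findings.extend(audit_proposals(channel, config[channel]))
    return findings

# Constructed sample configurations (not taken from any real deployment).
COMPLIANT = {"ike": "aes256-sha512-modp4096", "esp": "aes256-sha512-modp4096"}
WEAK = {
    "ike": "aes256-sha512-modp4096, aes128-sha256-modp2048",
    "esp": "aes256-sha512",
}

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("weak", WEAK)):
        print(name, audit_config(cfg) or "OK")
```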

Inter-node traffic is restricted to only protocols that are expected for the successful operation of Pexip Infinity, including but not necessarily limited to call signaling, media, status, and configuration information; any unexpected traffic/protocols are dropped.

Endpoints

Encrypted connections between Pexip Infinity and endpoints use:

Infinity Connect (web/desktop/mobile) clients use:

  • HTTPS TLS for signaling
  • DTLS and SRTMP (encrypted RTMP) for media