Encryption methodologies

Pexip nodes

All communication links between the Management Node and Conferencing Nodes, and between Conferencing Nodes, use an IPsec transport with the following settings:

  • 256-bit AES-GCM for encryption
  • a 4096 bit Diffie-Hellman modulus for key exchange.

No other ciphers, hashes or moduli are permitted.

These settings apply to both the initial channel set up for key exchange (ISAKMP) and the secondary channel over which application data is transported (ESP).

Inter-node traffic is restricted to only protocols that are expected for the successful operation of Pexip Infinity, including but not necessarily limited to call signaling, media, status, and configuration information; any unexpected traffic/protocols are dropped.


Encrypted connections between Pexip Infinity and endpoints use:

Infinity Connect (web/desktop/mobile) clients use:

  • HTTPS TLS for signaling
  • DTLS-SRTP for WebRTC media