All communication links between the Management Node and Conferencing Nodes, and between Conferencing Nodes, use an IPsec transport with the following settings:
- 256-bit AES-CBC for encryption
- SHA 512 hashing for integrity checking
- a 4096 bit Diffie-Hellman modulus for key exchange.
No other ciphers, hashes or moduli are permitted.
Inter-node traffic is restricted to only protocols that are expected for the successful operation of Pexip Infinity, including but not necessarily limited to call signaling, media, status, and configuration information; any unexpected traffic/protocols are dropped.
Encrypted connections between Pexip Infinity and endpoints use:
- AES 128-bit encryption for media
- TLS for SIP call control (for more information, see Managing TLS and trusted CA certificates)
- SRTP for SIP media
- H.235 for H.323 media
Infinity Connect (web/desktop/mobile) clients use:
- HTTPS TLS for signaling
- DTLS and SRTMP (encrypted RTMP) for media