Encryption methodologies

Pexip nodes

The backplane (the link between the Management Node and a Conferencing Node, or between two Conferencing Nodes) uses an IPsec transport with the following settings:

• 256-bit AES-CBC for encryption
• SHA 512 hashing for integrity checking
• a 4096 bit Diffie-Hellman modulus for key exchange.

No other ciphers, hashes or moduli are permitted.

These settings apply to both the initial channel set up for key exchange (ISAKMP) and the secondary channel over which application data is transported (ESP).

Endpoints

Encrypted connections between Pexip Infinity and endpoints use:

• AES 128-bit encryption for media
• TLS for SIP call control (for more information, see Managing TLS and trusted CA certificates)
• SRTP for SIP media
• H.235 for H.323 media

Infinity Connect (web/desktop/mobile) clients use:

• HTTPS TLS for signaling
• DTLS and SRTMP (encrypted RTMP) for media