SIP configuration options need explanation
To a SIP newcomer like me, the configuration options in the Jami app are very unclear. Specifically, entries that leave me wondering are:
- Advanced / Enable UPnP. I thought SIP is a client-server protocol, why would it need to open ports?
- Advanced / Use DHT proxy. Similar question. In which way is DHT involved in SIP?
- Advanced / Use Stun/TURN. What is the effect of enabling these options?
- Security / Add credentials. Currently contains my password, and "*". What does the * mean? How can a SIP account possibly have multiple credentials?
- Security / Encrypt media streams (SRTP). Encryption sounds good, why is it disabled by default? Does it require server support, or client support on the other end (end-to-end)? What happens if my server or a caller does not support SRTP?
- Security / Enable SDES as key exchange protocol. What are the pros and cons of setting this option?
- Security / Use TLS Transport. Transport encryption should be standard on any protocol nowadays, why is this disabled by default?
- Security / Certification authorities, certificate file and private key file have a red exclamation mark, indicating that some action must be taken. But they are greyed out. What is the issue here? If this is related to TLS, why can it not use the system-wide certificate store for authentication?
- Security / TLS method: TLSv1. TLS version 1 is deprecated and should not be used. Why is this the default? TLSv1.3 is not even an option here, apparently?
- Security / TLS ciphers. Just opens a text field. What is the user supposed to put in here?
- Server name. I would assume that this is the domain name configured for the SIP account (user@domain). What does this option mean?
- Security / Verify server/client. What is the effect of these options?
- Security / TLS require client certificate. (default: on) What is the effect of this option?
My main reason for using SIP is having encrypted telephony. Based on these presented options, I have no idea whether my settings are secure and whether my voice calls are encrypted or not.
In particular, my provider Sipgate.de apparently does not support SRTP (https://basicsupport.sipgate.de/hc/de/articles/207246495-Ist-eine-SRTP-TLS-Sprachverschl%C3%BCsselung-m%C3%B6glich-), so does this mean that SRTP is involved in client-to-server communication, not end-to-end? Confusingly, if I enable SRTP in the options above, my connection is still shown as "online", so something seems to work.
Configuration options that I am missing are:
- ZRTP. Is ZRTP supported? Based on my research, this one is definitely end-to-end.
- Configuring a display name. Other SIP clients allowed me to set up a display name, but this does not seem to be an option for SIP accounts in Jami.
Clarification would be appreciated! :)