SIP account TLS/SRTP configuration is old fashioned/confusing
Tested on: Android 20190103 (f-droid)
Recently, voip.ms (finally) added support for calls encryption using TLS for signaling and SRTP for media. I was thrilled to try it with Jami, but couldn't get it to work:
- Add SIP account basic detail (alias, hostname, username & password), registered OK.
- Went to Security tab (android client), and enable TLS transport. As voip.ms is using a trusted SSL certificate, I wouldn't expect to have to do anything else, but:
a) the greyed out options below suggest that only the client certificate is going to be verified (I don't care about my cert, but I do want to authenticate the SIP server). So I checked the "Verify Server" box, and unchecked "Verify Client" and "TLS Require Client Certificate".
b) I have no idea why there's a "Server Name" field; this should at least defaults to my SIP hostname, if required?
c) There are other options which are nice for a self signed certs setup I guess, but overly complicated for the more straightforward CA signed use case. Perhaps they could be hidden under an "advanced" section?
d) I put my hostname in Server Name, just in case, and left the other options empty/default.
Expected result: SIP account is re-registered using TLS.
Actual result: TLS seems to fail silently, option is reverted to disabled when visiting the security menu.