SIP Communications Security
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
By default, Session Initiation Protocol (SIP) communications between Speech Server and trusted SIP peers are not encrypted and can be monitored by a malicious user. To make the SIP traffic more secure, configure Speech Server and the SIP peers in your deployment to use Mutual Transport Layer Security (TLS), which uses digital certificates to authenticate the endpoints and encrypts the transport channel.
To configure Speech Server for Mutual TLS:
Select a certificate for Speech Server to use for all Mutual TLS connections with SIP peers. For more information, see How to: Set Up a Certificate for Secure SIP Peer Communication.
Configure the SIP peer settings on Speech Server to use Mutual TLS. This setting configures Speech Server to only accept TLS connections for the SIP peer that can be authenticated with a certificate and reject all others. For more information, see How to: Configure a SIP Peer for Mutual TLS.
Note
To configure the SIP peer device for Mutual TLS, see the documentation for that SIP peer device.
If the SIP peer is Telephony Interface Manager Connector (TIMC), see TIMC Security.