Skip to main content


Author: Anagha Ravi

What is TLS/SRTP?

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting VoIP, or voice over IP, calling. Often TLS is used alongside Secure Real-time Transport Protocol (SRTP). TLS encrypts the signaling of the calls, which you can think of as the set up and tear down portion of a call, and SRTP secures the actual media – the little ‘packets’ of data that run over the highway set up by the signaling. 

History of TLS/SRTP

SRTP was developed by members of Cisco and Ericsson and was first published by the IETF in March 2004. This initial publication listed the goals and features of SRTP as both the confidentiality of RTP and RTCP payloads. The goal was to create an upgradeable framework with low bandwidth and computational cost, a small code footprint, and independence from underlying transport, network, and physical layers used by RTP.   

TLS dates back to August 1986 when government agencies including the NSA teamed with several communications and computer corporations under the guise of a project called the Secure Data Network System (SDNS).  

How does Bandwidth use TLS/SRTP?

TLS/SRTP is an optional capability provided by Bandwidth, and is used to encrypt calls between the customers network and Bandwidth. Calls from Bandwidth to and from the PSTN are not encrypted.


Related terms

Related Content

Frequently Asked Questions

Why would a business want TLS/SRTP?

TLS/SRTP allows a business to encrypt calls between their voice system and Bandwidth. This provides the customer end- to end security between their voice system and Bandwidth.

What version of TLS is required?

Bandwidth supports use of TLS version 1.2. 

How do I know if TLS/SRTP is a good option for my business?

If your business has a stronger need to ensure security of your VoIP media stream, then you may want to consider evaluating this technology. Industries and verticals that could potentially fall into this bucket would be those in or serving the healthcare space, the financial sector, or even government entities (just to name a few.) The other major consideration is whether or not your organization has the technical ability and know-how to implement and manage TLS/SRTP within your system as well as the means to support its turn up.As another option, you may also want to consider utilizing secure dedicated connections.