Configure DTLS-SRTP

A DTLS-SRTP profile specifies the parameter values offered or accepted during DTLS negotiation.

To configure DTLS-SRTP profile parameters:

Create one or more TLS Security Policies that specify key exchange protocols and protocol-specific profiles.
  1. From superuser mode, use the following command sequence to access dtls-srtp-profile configuration mode.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# media-security
    ORACLE(media-security)# dtls-srtp-profile
    ORACLE(dtls-srtp-profile)#
  2. Use the required name parameter to provide a unique identifier for this dtls-srtp-profile instance.

    name enables the creation of multiple dtls-srtp-profile instances.

  3. Use the required tls-profile parameter to assign the TLS profile you created for this dtls-srtp-profile instance.
  4. Use the required dtls-completion-timeout parameter to specify a time limit for the DTLS handshake.
    Values range from 0 (Default) to 999999 seconds.
  5. Define the system as a server using the preferred-setup-role parameter.
    • passive—Proposes that the ESBC perform the server role.
  6. Use the crypto-suite parameter to select the encryption and authentication algorithms accepted or offered by this dtls-srtp-profile.

    Allowable values are:

    • SRTP_AES_CM_128_HMAC_SHA1_80 (default)—Enables support for the AES 128-bit key for encryption and the HMAC/SHA-1 80-bit digest for authentication.
    • SRTP_AES_CM_128_HMAC_SHA1_32—Enables support for the AES 128-bit key for encryption and the HMAC/SHA-1 32-bit digest for authentication.
  7. Use done, exit, and verify-config to complete configuration of this DTLS profile instance.
  8. Repeat Steps 1 through 8 to configure additional DTLS-SRTP profiles.
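
The following added example (not Oracle code) checks a planned dtls-srtp-profile against the parameter rules in the steps above before it is entered on the system. The "parameter value" text layout, the profile names, and the set of known TLS profiles are assumptions made for illustration.

```python
# Added example: validate a dtls-srtp-profile against the parameter rules above.
# The "parameter value" line layout is an assumed text form, not captured output.
ALLOWED_SUITES = {"SRTP_AES_CM_128_HMAC_SHA1_80", "SRTP_AES_CM_128_HMAC_SHA1_32"}
REQUIRED = ("name", "tls-profile", "dtls-completion-timeout")

def parse_profile(text):
    """Turn 'parameter value' lines into a dict; the bare element header is skipped."""
    params = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            params[parts[0]] = parts[1].strip()
    return params

def check_profile(params, known_tls_profiles):
    """Return a list of findings; an empty list means the profile passes."""
    findings = [f"missing required parameter: {k}" for k in REQUIRED if not params.get(k)]
    tls = params.get("tls-profile")
    if tls and tls not in known_tls_profiles:
        findings.append(f"tls-profile {tls!r} is not a configured TLS profile")
    timeout = params.get("dtls-completion-timeout")
    if timeout is not None and not (timeout.isdigit() and int(timeout) <= 999999):
        findings.append(f"dtls-completion-timeout out of range 0-999999: {timeout}")
    role = params.get("preferred-setup-role")
    if role is not None and role != "passive":
        findings.append(f"preferred-setup-role is {role}; the procedure lists only passive")
    # An unset crypto-suite falls back to the documented default.
    suite = params.get("crypto-suite", "SRTP_AES_CM_128_HMAC_SHA1_80")
    if suite not in ALLOWED_SUITES:
        findings.append(f"crypto-suite not allowed: {suite}")
    elif suite.endswith("_32"):
        findings.append("note: crypto-suite uses the 32-bit digest, not the 80-bit default")
    return findings

# Constructed sample profiles (names and values are illustrative).
GOOD = """dtls-srtp-profile
    name                      webrtc-dtls
    tls-profile               webrtc-tls
    dtls-completion-timeout   30
    preferred-setup-role      passive
    crypto-suite              SRTP_AES_CM_128_HMAC_SHA1_80
"""
BAD = """dtls-srtp-profile
    name                      legacy-dtls
    tls-profile               missing-tls
    dtls-completion-timeout   1000000
    crypto-suite              SRTP_AES_CM_128_HMAC_SHA1_32
"""
```

Calling `check_profile(parse_profile(BAD), {"webrtc-tls"})` reports the unknown TLS profile, the out-of-range timeout, and the shorter digest, while the `GOOD` profile returns no findings.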