How to enable TLS encryption on Grandstream phone

This article covers how to configure TLS on your Grandstream Phones

What is TLS?

TLS is a cryptographic protocol that secures/encrypts SIP messages sent by a softphone, IP phone, or a PBX

This protocol offers a series of advantages, some of those advantages are:

  • With TLS enabled, SIP messages cannot be intercepted, read, or altered by intruding parties;

  • TLS is a recognized cryptography standard that allows you to use VoIP on the majority of mobile networks where you would otherwise encounter connectivity issues, or be unable to establish a connection with VoIP at all due to firewalls

  • Enabling TLS in SIP-based IP-Phones can also help alleviate some issues that you may encounter with NAT transversal issues that often occur on double-NAT’d networks such as 4G/LTE networks.

Important Notes / Requirements

For this guide you will only need access to a SIP Phone, this guide uses a GXP2170 as an example.

Note: This TLS encryption are also tested on GRP Phones (GRP2615 and GRP2613) models

If you are using GRP Phones no need to follow Step 4 and 5 since it was set to Unlimted by default

Configuring TLS on a Grandstream GXP2170

For this example, we will be using a Grandstream GXP2170, but the general concept is the same for the majority of SIP-based IP phones.

The majority of SIP-based IP phones should support the use of TLS for the transport protocol, but some may require additional settings to be enabled for it to work.

Steps

Follow the steps below to configure the TLS connection on the Grandstream GXP2170

  1. Log in to the Grandstream phone

  2. Navigate to “Accounts > Account 1 > SIP Settings > Basic settings”

3. Change the SIP Transport parameter from “UDP” to “TLS/TCP” to activate the TLS protocol then click "Save & Apply" at the bottom of the page

These next steps don't apply to the GRP series phones, if you have a GRP Series phone you don't need to complete steps 4 and 5

4. Navigate to "Maintenance >> Security Settings >> Security"

5. Change the “Minimum TLS Version” from "TLS 1.1" to "TLS 1.0" then click "Save & Apply" at the bottom of the page

Congratulation you have successfully configured your Grandstream phone to use TLS protocol for encryption

Make sure to do a test call inbound/outbound from the phone as well to confirm everything is working smoothly, some phones may require slightly different configuration settings.

Last updated