# How to enable TLS encryption on Grandstream phone

### What is TLS? <a href="#what-is-tls" id="what-is-tls"></a>

**TLS** is a cryptographic protocol that secures/encrypts SIP messages sent by a softphone, IP phone, or a PBX

This protocol offers a series of advantages, some of those advantages are:

* With TLS enabled, SIP messages cannot be intercepted, read, or altered by intruding parties;
* TLS is a recognized cryptography standard that allows you to use VoIP on the majority of mobile networks where you would otherwise encounter connectivity issues, or be unable to establish a connection with VoIP at all due to firewalls
* Enabling TLS in SIP-based IP-Phones can also help alleviate some issues that you may encounter with NAT transversal issues that often occur on double-NAT’d networks such as 4G/LTE networks.

### Important Notes / Requirements <a href="#important-notes-requirements" id="important-notes-requirements"></a>

For this guide you will only need access to a SIP Phone, this guide uses a GXP2170 as an example.

{% hint style="info" %}
Note: This TLS encryption are also tested on GRP Phones (GRP2615 and GRP2613) models

If you are using GRP Phones no need to follow Step 4 and 5 since it was set to Unlimted by default
{% endhint %}

### Configuring TLS on a Grandstream GXP2170 <a href="#configuring-tls-on-a-grandstream-gxp2170" id="configuring-tls-on-a-grandstream-gxp2170"></a>

For this example, we will be using a Grandstream GXP2170, but the general concept is the same for the majority of SIP-based IP phones.

The majority of SIP-based IP phones should support the use of TLS for the transport protocol, but some may require additional settings to be enabled for it to work.

### Steps <a href="#steps" id="steps"></a>

Follow the steps below to configure the TLS connection on the Grandstream GXP2170

1. Log in to the Grandstream phone
2. Navigate to “Accounts > Account 1 > SIP Settings > Basic settings”

![](https://3953723498-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LYYiX2aEcPAPdzrvDc4%2F-MYMz28oEPaLlWEcmGs2%2F-MYNBseaTv_cjhcNU3km%2Fimage.png?alt=media\&token=45a27544-34dd-451e-813f-40a1f40697c8)

3\. Change the SIP Transport parameter from “UDP” to “TLS/TCP” to activate the TLS protocol then click "Save & Apply" at the bottom of the page

![](https://3953723498-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LYYiX2aEcPAPdzrvDc4%2F-MYMz28oEPaLlWEcmGs2%2F-MYNC3BE4G6lRXrc9x6O%2Fimage.png?alt=media\&token=fdd15fec-b7bc-4f69-8378-d51b4730c841)

{% hint style="info" %}
These next steps don't apply to the GRP series phones, if you have a GRP Series phone you don't need to complete steps 4 and 5
{% endhint %}

4\. Navigate to "Maintenance >> Security Settings >> Security"

![](https://3953723498-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LYYiX2aEcPAPdzrvDc4%2F-MYMz28oEPaLlWEcmGs2%2F-MYNCBZKYq0Iy0U6vEfb%2Fimage.png?alt=media\&token=34cfc2d5-0b43-47ae-be91-13ddfbd7a12f)

5\. Change the “Minimum TLS Version” from "TLS 1.1" to "TLS 1.0" then click "Save & Apply" at the bottom of the page

![](https://3953723498-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LYYiX2aEcPAPdzrvDc4%2F-MYMz28oEPaLlWEcmGs2%2F-MYNCNnxxZc3MMjqgSrW%2Fimage.png?alt=media\&token=decfddf7-704c-4ee1-bb1e-395473b3926a)

Congratulation you have successfully configured your Grandstream phone to use TLS protocol for encryption

Make sure to do a test call inbound/outbound from the phone as well to confirm everything is working smoothly, some phones may require slightly different configuration settings.