# How to enable TLS encryption on Grandstream phone

### What is TLS? <a href="#what-is-tls" id="what-is-tls"></a>

**TLS** is a cryptographic protocol that secures/encrypts SIP messages sent by a softphone, IP phone, or a PBX

This protocol offers a series of advantages, some of those advantages are:

* With TLS enabled, SIP messages cannot be intercepted, read, or altered by intruding parties;
* TLS is a recognized cryptography standard that allows you to use VoIP on the majority of mobile networks where you would otherwise encounter connectivity issues, or be unable to establish a connection with VoIP at all due to firewalls
* Enabling TLS in SIP-based IP-Phones can also help alleviate some issues that you may encounter with NAT transversal issues that often occur on double-NAT’d networks such as 4G/LTE networks.

### Important Notes / Requirements <a href="#important-notes-requirements" id="important-notes-requirements"></a>

For this guide you will only need access to a SIP Phone, this guide uses a GXP2170 as an example.

{% hint style="info" %}
Note: This TLS encryption are also tested on GRP Phones (GRP2615 and GRP2613) models

If you are using GRP Phones no need to follow Step 4 and 5 since it was set to Unlimted by default
{% endhint %}

### Configuring TLS on a Grandstream GXP2170 <a href="#configuring-tls-on-a-grandstream-gxp2170" id="configuring-tls-on-a-grandstream-gxp2170"></a>

For this example, we will be using a Grandstream GXP2170, but the general concept is the same for the majority of SIP-based IP phones.

The majority of SIP-based IP phones should support the use of TLS for the transport protocol, but some may require additional settings to be enabled for it to work.

### Steps <a href="#steps" id="steps"></a>

Follow the steps below to configure the TLS connection on the Grandstream GXP2170

1. Log in to the Grandstream phone
2. Navigate to “Accounts > Account 1 > SIP Settings > Basic settings”

![](/files/-MYNBseaTv_cjhcNU3km)

3\. Change the SIP Transport parameter from “UDP” to “TLS/TCP” to activate the TLS protocol then click "Save & Apply" at the bottom of the page

![](/files/-MYNC3BE4G6lRXrc9x6O)

{% hint style="info" %}
These next steps don't apply to the GRP series phones, if you have a GRP Series phone you don't need to complete steps 4 and 5
{% endhint %}

4\. Navigate to "Maintenance >> Security Settings >> Security"

![](/files/-MYNCBZKYq0Iy0U6vEfb)

5\. Change the “Minimum TLS Version” from "TLS 1.1" to "TLS 1.0" then click "Save & Apply" at the bottom of the page

![](/files/-MYNCNnxxZc3MMjqgSrW)

Congratulation you have successfully configured your Grandstream phone to use TLS protocol for encryption

Make sure to do a test call inbound/outbound from the phone as well to confirm everything is working smoothly, some phones may require slightly different configuration settings.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kb.hostednetwork.com.au/support/services/voice-over-ip-voip/technical-references/brand-specific-guides/grandstream-handsets/how-to-enable-tls-encryption-on-grandstream-phone.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.