CounterPath Bria 3.3 for Mac User Guide - Retail Deployments User Manual

CounterPath Corporation

58

Setting up the root certificate on your computer ensures that the connection to the proxy is TLS secure (the first
hop). Any proxy in the chain (between you and the caller) that does not support TLS may cause an insecure link
in the chain. Therefore, if the other party is outside your domain, you cannot be completely sure that the call is
secured at the signaling level, which means that you cannot be sure that it is secured at the media level.

Setting up for Security within Bria

The options for media encryption are described in the following table.

Table 8: Security Options

Option

How Outgoing Calls are Handled

How Incoming Calls Are Handled

Make and accept only
encrypted calls

Bria will place all calls with TLS. The call

INVITE

will specify SRTP media encryption.

If the correct certificates are not in place or if the
other party does not accept encrypted calls, the call
will fail.

Bria will only accept INVITEs that are for
encrypted calls.

If Bria receives a call INVITE that is not
encrypted, the call will be rejected.

Do not allow encrypted
call

Bria will place only unencrypted calls.

If the other party does not accept unencrypted
calls, the call will fail.

Bria will only accept

INVITE

s

that are for

unencrypted calls.

If Bria receives a call

INVITE

that is encrypted, the

call will be rejected.