You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/deploy/encryption-options.rst
+6Lines changed: 6 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -19,6 +19,12 @@ Mattermost supports TLS encryption including AES-256 with 2048-bit RSA on all da
19
19
20
20
Connections to Active Directory/LDAP can `optionally be secured with TLS or stunnel </configure/configuration-settings.html#ad-ldap-port>`__.
21
21
22
+
Connections to calls are secured with a combination of:
23
+
24
+
- TLS: The existing WebSocket channel is used to secure the signaling path.
25
+
- DTLS v1.2 (mandatory): Used for initial key exchange. Supports ``TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`` and ``TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`` algorithms.
26
+
- SRTP (mandatory): Used to encrypt all media packets (i.e. those containing voice or screen share). Supports ``AEAD_AES_128_GCM`` and ``AES128_CM_HMAC_SHA1_80`` algorithms.
0 commit comments