CounterPath eyeBeam 1.5
53
Setting up the root certificate on your computer ensures that the connection to the proxy is TLS secure (the first
hop). Any proxy in the chain (between you and the caller) that does not support TLS may cause an insecure link
in the chain. Therefore, if the other party is outside your domain, you cannot be completely sure that the call is
secured at the signaling level, which means that you cannot be sure that it is secured at the media level.
When a call with both signaling and media encryption is established, eyeBeam displays the encryption icon
( ). This icon indicates that the call is secure between each caller and their proxy (first and last hop) and that it
may or may not be secure for other hops.
When a call with no encryption or with only signaling encryption is established, eyeBeam displays the
unencrypted icon ( ).
Setting up for Security within eyeBeam
The options for media encryption are described in the following table.
Table 14: Security Options
Option How Outgoing Calls are Handled How Incoming Calls Are Handled
Make and accept only
encrypted calls eyeBeam will place all calls with TLS. The call
INVITE will specify SRTP media encryption.
If the correct certificates are not in place or if the
other party does not accept encrypted calls, the call
will fail.
eyeBeam will only accept INVITEs that are for
encrypted calls.
If eyeBeam receives a call INVITE that is not
encrypted, the call will be rejected and will be
placed in the Blocked list in the Calls & Contacts
drawer.
Prefer to make and
accept encrypted calls eyeBeam will place all calls with TLS. The call
INVITE will specify SRTP media encryption.
If the correct certificates are not in place or if the
other party does not accept encrypted calls, the call
will fail. eyeBeam will then place the call without
encryption.
eyeBeam will accept INVITEs for both encrypted
and unencrypted calls.
Make unencrypted calls,
accept all calls eyeBeam will place only unencrypted calls.
If the other party does not accept unencrypted
calls, the call will fail.
eyeBeam will accept INVITEs for both encrypted
and unencrypted calls.
Do not allow encrypted
call eyeBeam will place only unencrypted calls.
If the other party does not accept unencrypted
calls, the call will fail.
eyeBeam will only accept INVITEs that are for
unencrypted calls.
If eyeBeam receives a call INVITE that is
encrypted, the call will be rejected and will be
placed in the Blocked list in the Calls & Contacts
drawer.