Suggestions

close search

Add Messaging, Voice, and Authentication to your apps with Nexmo APIs

Visit Nexmo

Advanced Media Stream Encryption (AES-256)

By default the media streams passing through the OpenTok platform are encrypted using AES-128. In routed sessions, the media is encrypted between all clients and the media server. In relayed sessions, the media is encrypted between each pair of clients.

For enhanced security, the OpenTok platform also supports the AES-256 level of encryption on media streams. When a client is connecting to an OpenTok Media Router or another client, the cipher to use will be negotiated. If the client supports AES-256 then this will be the cipher negotiated for the media traffic. If the client does not support it, then AES-128 will be used. In the case of relayed sessions, both clients must support AES-256, otherwise they will fall back to AES-128.

Important: This feature is available as an add-on feature. Contact support@tokbox.com to enable this feature for your OpenTok project keys.

Encryption support on OpenTok clients

AES-256 is supported (in addition to AES-128) in apps that use the following OpenTok client SDKs:

In Chrome 62+, you can verify the encryption level by navigating to chrome://webrtc-internals. Upon publishing or subscribing to a stream, use chrome://webrtc-internals, to verify that the streams are using AES-256 check the srtpCipher listing under Channel-audio-1 (googComponent). If it is AES 256, the listing will include AEAD_AES_256_GCM.

Only AES-128 is supported in apps that use the following OpenTok client SDKs: