Encryption for SIP/H.323 in zoom App
Zoom’s desktop and mobile clients encrypt in-meeting and in-webinar presentation files using TLS 1.2 with 256-bit AES GCM encryption by default.
Zoom’s data centers encrypt the audio until it leaves its data centers and is transferred to the participant’s phone network.
Zoom meetings can require encryption for H.323 and SIP devices. Users, groups, and accounts can configure this setting. If encryption isn’t enabled on these devices, they won’t be able to join your Zoom meeting and will receive an error.
Participants on supported devices will see an unencrypted connection warning icon if the meeting is only partially encrypted, such as with phone dial-ins, unencrypted SIP/H.323 devices or streaming via RTMP.
With Zoom meetings, all shared content is protected with powerful 256-bit AES-GCM encryption. End-to-end encryption (E2EE) can also be enabled for additional protection. Some meeting features are restricted with end-to-end encryption, which requires participants to join from the Zoom desktop client, mobile app, or Zoom Rooms
Prerequisites for encrypting SIP/H.323 connections
To enable SIP/H.323 endpoint encryption
- Free, Pro, Business, Enterprise, Education or API Account
To view the unencrypted connections warning
- Zoom desktop client
- Windows: 5.4.6 (59296.1207) or higher
- macOS: 5.4.6 (59296.1207) or higher
- Linux: 5.4.6 (59296.1207) or higher
- Zoom mobile app
- Android: 5.4.6 (812) or higher
- iOS: 5.4.6 (59285.1207) or higher
How to use the partially encrypted meeting warning
Zoom meetings display a shield icon with a check mark,
indicating that the meeting is encrypted. However, if any endpoints join which cannot be encrypted, you will see a yellow shield icon with an exclamation point (!)
instead. If you see a shield with a lock icon
, that means the meeting is using end-to-end encryption.
You can also view details of unencrypted connections by clicking the shield icon, then clicking Exceptions next to Encryption. This will list any unencrypted connections.
How to enable the SIP/H.323 endpoint encryption
Account
- As an administrator, log in to the Zoom web portal to edit your account settings.
- Under Account Management, click Account Settings.
- Make sure that Require Encryption for 3rd Party Endpoints (H323/SIP) is enabled under In Meeting (Basic).
- You can enable it by clicking the toggle. Then click Turn On to verify it has been enabled.
- You can set this setting as mandatory for all users in your account by clicking the lock icon, and then clicking Lock to confirm.
Group
Zoom has renamed the Group Management page to Groups if you signed up for a new account after August 21, 2021; or if you enabled the New Admin Experience in your account.
- As an admin, access the Zoom web portal and edit groups.
- Click on User Management, then Group Management.
- Select the relevant group from the list, then click Settings.
- Check the Require Encryption for 3rd Party Endpoints (SIP/H.323) setting under In Meeting (Basic).
- Click the toggle to enable the setting if it is disabled. Verify the setting by clicking Turn On if a verification dialog appears.
A grayed-out option has been locked at the account level and needs to be changed there. - (Optional) If you want this setting to be mandatory for all group members, click the lock icon and then click Lock to confirm the setting.
User
- Log into Zoom’s web portal.
- Click the Settings button.
- You will need to enable Require Encryption for 3rd Party Endpoints (SIP/H.323) under In Meeting (Basic).
- Toggle the setting on if it is disabled. Verify the change by clicking Turn On if prompted.
If the option is grayed out, the account or group has locked it. Please contact Zoom support.