The Zoom Community is here!
We welcome all Zoom customers to come together on the Zoom Community to ask questions, find solutions,
and collaborate with peers. Login with your Zoom account credentials and start collaborating!

Encryption for SIP/H.323 Follow

Overview

By default, Zoom encrypts in-meeting and in-webinar presentation content at the application layer during transit using TLS 1.2 with 256-bit AES GCM encryption algorithm for the desktop and mobile clients.

For dial-in participants joining by phone, the audio is encrypted until it leaves Zoom's data centers and is transferred to the participant's phone network.

Encryption can be required for H.323 and SIP devices joining Zoom meetings. This setting is configured at the account level, group, or user level. Encryption will also need to be enabled on these devices when joining your Zoom meeting or they will receive an error and be unable to join.

If the meeting is only partially encrypted, due to connections such as phone dial-in, unencrypted SIP/H.323 devices or streaming via RTMP, meeting participants on supported devices will see a warning icon to indicate unencrypted connections.

In your Zoom meetings, all shared content is secured with powerful 256-bit AES-GCM encryption. For additional protection, users may also enable end-to-end encryption (E2EE). End-to-end encryption requires meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms and limits some meeting features.

This article covers:

Prerequisites

To enable SIP/H.323 endpoint encryption

  • Free, Pro, Business, Enterprise, Education or API Account

To view the unencrypted connections warning

  • Zoom desktop client
    • Windows: 5.4.6 (59296.1207) or higher
    • macOS: 5.4.6 (59296.1207) or higher
    • Linux: 5.4.6 (59296.1207) or higher
  • Zoom mobile app
    • Android: 5.4.6 (812) or higher
    • iOS: 5.4.6 (59285.1207) or higher

Using the partially encrypted meeting warning

When you are in a Zoom meeting, you will see a shield icon with a check mark  indicating that the meeting is encrypted. However, if any endpoints join which cannot be encrypted, you will see a yellow shield icon with an exclamation point (!)  instead. If you see a shield with a lock icon , that means the meeting is using end-to-end encryption.

You can also view details of unencrypted connections by clicking the shield icon, then clicking Exceptions next to Encryption. This will list any unencrypted connections. 

Enabling SIP/H.323 endpoint encryption

Account

To enable Require Encryption for 3rd Party Endpoints (H323/SIP) for all users in the account:
  1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
  2. In the navigation panel, click Account Management then Account Settings.
  3. Under In Meeting (Basic), verify that Require Encryption for 3rd Party Endpoints (H323/SIP) is enabled.
  4. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
  5. (Optional) If you want to make this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.

Group

Note: If you signed up for a new Zoom account after August 21, 2021; or the New Admin Experience is enabled on your account, the Group Management page has been renamed to Groups.

To enable Require Encryption for 3rd Party Endpoints (SIP/H.323) for a group of users:
  1. Sign in to the Zoom web portal as an admin with the privilege to edit groups.
  2. In the navigation panel, click User Management then Group Management.
  3. Click the applicable group name from the list, then click the Settings tab.
  4. Under In Meeting (Basic), verify that Require Encryption for 3rd Party Endpoints (SIP/H.323) is enabled.
  5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
    Note: If the option is grayed out, it has been locked at the account level and needs to be changed at that level.
  6. (Optional) If you want to make this setting mandatory for all users in the group, click the lock icon, and then click Lock to confirm the setting.

User

To enable Require Encryption for 3rd Party Endpoints (SIP/H.323) for your own use:
  1. Sign in to the Zoom web portal.
  2. In the navigation panel, click Settings.
  3. Under In Meeting (Basic), verify that Require Encryption for 3rd Party Endpoints (SIP/H.323) is enabled.
  4. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
    Note: If the option is grayed out, it has been locked at either the group or account level. You need to contact your Zoom admin.