How are sendCommand and sendEndpointMessages secured?

On Jitsi Meet Security & Privacy | Jitsi it says that audio and video is encrypted via DTLS-SRTP.
How are sendEndpointMessage oder sendCommand calls secured?

It can vary depending on the server configuration:

  • sendCommand: uses the XMPP channel, which is always secured with TLS, it can be either HTTPS or WSS.
  • sendEndpointMessage: here there are 2 options depending on the server configuration:
    • datachannel: DTLS-SRTP
    • websocket: TLS

The current default for both is WebSocket.

1 Like

If I enable e2ee mode in the conference only sendEndpointMessage with the datachannel configuration will be encrypted end2end or?

No, only audio and video use e2ee.