Authentication and encryption
Managing Cloud StarLeaf Cloud and traffic routing for administratorsLast updated June 28, 2018
Authentication with the StarLeaf Cloud service requires a signed certificate that all StarLeaf endpoints (hardware and software) have burned into them at the point of manufacture. All StarLeaf Cloud servers also have signed certificates that are required by the StarLeaf endpoints to guarantee that they are connected directly to a genuine server. Consequently our secure and encrypted connection cannot be negotiated by anything other than an authorized StarLeaf device, thus preventing a man-in-the-middle attack.
Every call made by a StarLeaf endpoint is authenticated and encrypted, both media and signaling, using industry-standard 128 bit AES encryption. When you call from StarLeaf to any other video device it WILL use encryption if the recipient device supports it. In a call negotiated by the StarLeaf Cloud, the Cloud will attempt to enforce the highest level of encryption that the third-party endpoints allow. Encryption cannot be disabled on StarLeaf calls.