What does end-to-end encryption do?
What does E2E encryption do?
What are the limitations of enabling E2E encryption on a Webex site?
What features are not available when E2E encryption is enabled?
Media streams flowing from a client to Cisco Webex servers are decrypted after they cross the Cisco Webex firewall. Cisco can then provide network-based recordings that include all media streams for future reference. Cisco Webex then re-encrypts the media stream before sending it to other clients. However, for businesses requiring a higher level of security, Cisco Webex also provides End-to-End encryption. With this option, the Cisco Webex cloud does not decrypt the media streams, as it does for normal communications. Instead it establishes a Transport Layer Security (TLS) channel for client-server communication. Additionally, all Cisco Webex clients generate key pairs and send the public key to the host’s client.
The host generates a symmetric key using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), encrypts it using the public key that the client sends, and sends the encrypted symmetric key back to the client. The traffic generated by clients is encrypted using the symmetric key. In this model, traffic cannot be decoded by the Cisco Webex server. This End-to-End encryption option is available for Cisco Webex Meetings and Webex Support.
when end-to-end encryption is enabled, the following features are not supported:
- Personal Room meetings
- Join Before Host
- Video-device enabled meetings
- Cisco Webex Meetings Web App
- Linux clients
- Network-Based Recording (NBR)
- Saving session data, Transcripts, Meeting Notes, and etc...
- Remote Computer sharing
- PSTN Call-in/Call-back
- Note: When end-to-end encryption is enabled, the Pro-E2E-UnencryptedAudio session type indicates end-to-end encryption with the exception of PSTN.
- For more information on E2E and Cisco Secure Real-Time Collaboration, see: Security White Paper
- Enable End-to-End Encryption Using End-to-End Encryption Session Types