By default, Zoom encrypts in-meeting and in-webinar presentation content at the application layer during transit using TLS 1.2 with 256-bit AES GCM encryption algorithm for the desktop and mobile clients.
For dial-in participants joining by phone, the audio is encrypted until it leaves Zoom's data centers and is transferred to the participant's phone network.
Media channel encryption can be required for H.323 and SIP devices joining Zoom meetings; this provides partial encryption for the H.323 or SIP device's connection. This setting is configured at the account level, group, or user level. Media channel encryption will also need to be enabled on these devices when joining your Zoom meeting or they will receive an error and be unable to join.
If the meeting is only partially encrypted, due to connections such as phone dial-in, SIP/H.323 devices or streaming via RTMP, meeting participants on supported devices will see a warning icon to indicate partially encrypted connections.
For additional protection, users may also enable end-to-end encryption (E2EE). End-to-end encryption requires meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms and limits some meeting features.
Zoom Phone supports secure voice calls for connections between the Zoom Cloud and the Zoom desktop client, mobile app, web browser/client, and supported SIP devices. During call setup, Zoom Phone uses SIP over TLS 1.2 with Advanced Encryption Standard (AES) 256-bit algorithm for these connections. The Zoom desktop client, mobile app, and web browser/client connections encrypt call media to the Zoom Cloud using SRTP with AES 256-bit encryption algorithm. SIP devices configured with SRTP use AES-128 or AES-256 bit algorithm to encrypt call media for connections to the Zoom Cloud, otherwise unencrypted RTP is used as a fallback.
Important: By default, AES-128-bit encryption is enabled for call media transmitted by supported SIP devices. Admins can upgrade SIP devices to AES-256 bit encryption using the web portal. Fax lines may not support full encryption.
This article covers:
Free, Pro, Business, Enterprise, Education or API Account
When you are in a Zoom meeting, you will see a shield icon with a check mark indicating that the meeting is encrypted. However, if any endpoints which cannot use encryption, or can only be partially encrypted, join the meeting, you will see a yellow shield icon with an exclamation point (!)
instead. If you see a shield with a lock icon
, that means the meeting is using end-to-end encryption.
You can also view details of unencrypted or partially encrypted connections by clicking the shield icon, then clicking Exceptions next to Encryption. This will list any unencrypted or partially encrypted connections.
In addition, the shield icon will display with a yellow shield icon with an exclamation point (!) if media and signaling are not encrypted, or there are issues validating the TLS certificate:
Media encrypted | Signaling encrypted | TLS certificate valid |
Shield color |
Yes | Yes | Yes | ![]() |
Yes | Yes | No | ![]() |
Yes | No | No | ![]() |
No | No | No | ![]() |
Note: Due to the H.323 protocol does not support call signaling, H.323 devices will always have a yellow shield icon even though the media channels are encrypted.
How to enable the SIP/H.323 media channel encryption