We are currently using Twilio → LiveKit Cloud SIP over TLS with the following URI:
sip:XXXX.sip.livekit.cloud:5061;transport=tls
Twilio recently announced that starting May 1, 2026, their public CA-issued certificates for SIP over TLS will no longer include the “Client Authentication” EKU extension, and after certificate rotation, connections may fail if the receiving server strictly requires the ClientAuth EKU for mTLS validation.
We would like to confirm:
-
Does LiveKit Cloud SIP use mutual TLS (mTLS) for inbound Twilio SIP trunks?
-
If so, does LiveKit validate or require the Client Authentication EKU on the client certificate?
-
Is any action required on our side before May 1, 2026?
Our current setup is standard secure trunking (TLS on port 5061)
Just wanted to proactively confirm there will be no disruption after Twilio rotates their certificate.
Thanks in advance!