Port 322: RTSPS — The Lock on Your Video Streams

Port 322 carries RTSPS (Real-Time Streaming Protocol Secure)—RTSP wrapped in TLS encryption. Every time an IP camera streams securely to a server, every time a surveillance system encrypts its feeds, every time RTSP adds a lock icon, that's port 322.

What RTSPS Does

RTSPS is RTSP (Real-Time Streaming Protocol) transported over TLS (Transport Layer Security). RTSP is the protocol that controls streaming media servers—it's how clients tell servers to play, pause, fast-forward, and rewind media streams. It's the remote control for video streams.¹

Standard RTSP runs on port 554, completely unencrypted. RTSPS runs on port 322, wrapped in the same TLS encryption that protects HTTPS traffic.²

When you connect to an rtsps:// URL, your client establishes a TLS connection to port 322, creating an encrypted tunnel for all commands and authentication data. The actual media stream (audio and video) can be separately encrypted using SRTP (Secure Real-time Transport Protocol), but RTSPS ensures the control channel—the commands, credentials, and session data—stays private.³

Why Port 322 Exists

For years, RTSP ran unencrypted. Security cameras streamed video in plaintext. Conference systems sent commands without encryption. Surveillance feeds were visible to anyone on the network.

RTSP 1.0 was defined in RFC 2326 back in 1998. The protocol worked, but security was an afterthought. Anyone with network access could intercept streams, capture credentials, or hijack sessions.⁴

RTSP 2.0 (RFC 7826, published in 2016) made TLS mandatory. The spec requires that clients and servers implement "TCP and TLS over TCP as mandatory transports for RTSP messages." The rtsps:// URI scheme was defined, and IANA reserved port 322 for secure RTSP.⁵

The protocol finally acknowledged what should have been obvious from the start: if you're streaming video over the Internet, you need encryption.

How RTSPS Works

Here's what happens when you connect to an RTSPS stream:

1. TLS Handshake: Client connects to port 322 and establishes a TLS session with the server
2. Authentication: Client sends credentials over the encrypted channel
3. RTSP Commands: Client sends RTSP commands (DESCRIBE, SETUP, PLAY) over TLS
4. Media Transport: Server responds with media transport information, typically using RTP/RTCP
5. Optional SRTP: Media streams can be additionally encrypted using SRTP

The key insight: RTSPS encrypts the control plane (commands and authentication), while SRTP encrypts the data plane (actual media). Many implementations use both.⁶

Who Uses Port 322

IP Cameras and Surveillance: Modern security cameras from Axis and Bosch implement RTSPS for secure feed transmission⁷

Media Servers: FFmpeg, GStreamer, MediaMTX, and Ant Media Server all support RTSPS streaming⁷

Video Conferencing: Systems that need secure media control channels

Remote Monitoring: Any application streaming video where privacy matters

Security Considerations

RTSPS solves the obvious problem: unencrypted RTSP exposes credentials and session data. But it's not a complete security solution.

What RTSPS Protects:

• Authentication credentials
• RTSP commands and session control
• Media setup information
• Protection against man-in-the-middle attacks on the control channel

What RTSPS Doesn't Protect:

• The actual media stream (unless you also use SRTP)
• Metadata about when streams start and stop (visible in network traffic)
• The fact that you're streaming something (traffic analysis still works)

If you need full encryption, combine RTSPS with SRTP. If you only use RTSPS, your video commands are encrypted but your video might not be.⁸

Related Ports

• Port 554: Standard RTSP (unencrypted)
• Port 443: HTTPS—uses the same TLS that protects RTSPS
• Port 1935: RTMP (Real-Time Messaging Protocol) for Flash streaming
• Port 8554: Common alternative RTSP port for non-privileged services

The Honest Truth About Port 322

Port 322 exists because the industry spent years streaming video without encryption before someone finally said "this is insane." RTSP 1.0 worked fine for controlled networks, but terrible for the Internet.

RTSPS adoption has been slow. As of 2024, implementation is growing—Axis and Bosch cameras support it, major media frameworks support it—but many systems still default to unencrypted RTSP on port 554.⁷

The protocol is straightforward: take RTSP, wrap it in TLS, use port 322 instead of 554. The hard part was convincing an industry to care about encryption.

Every secure camera feed, every encrypted surveillance stream, every RTSP connection that doesn't leak your credentials in plaintext—that's port 322 doing what should have been standard from day one.