diff --git a/configs/samples/rtp.conf.sample b/configs/samples/rtp.conf.sample
index 7ab81b3bc4b631f56350d49ff0ad888881eaa021..1207c7805ecab8cdde8a57f0102296fef88cbc09 100644
--- a/configs/samples/rtp.conf.sample
+++ b/configs/samples/rtp.conf.sample
@@ -90,6 +90,11 @@ rtpend=20000
 ;
 ; For historic reasons stun_blacklist is an alias for stun_deny.
 ;
+; Whether to report the PJSIP version in a SOFTWARE attribute for all
+; outgoing STUN packets. This option is enabled by default.
+;
+; stun_software_attribute=yes
+;
 ; Hostname or address for the TURN server to be used as a relay. The port
 ; number is optional. If omitted the default value of 3478 will be used.
 ; This option is disabled by default.
diff --git a/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
new file mode 100644
index 0000000000000000000000000000000000000000..93905f6d0af8607ab5c58b38e2e948cb59be51cd
--- /dev/null
+++ b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
@@ -0,0 +1,8 @@
+Subject: res_rtp_asterisk
+
+By default Asterisk reports the PJSIP version in all
+STUN packets it sends.
+
+This behaviour may not be desired in a production
+environment and can now be disabled by setting the
+stun_software_attribute option to 'no' in rtp.conf.
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 20504cbb3fbc6eb3389bf44f5139e12a58070a52..0f883e9462a58bc3bf89269280193655c32a9ec8 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -184,6 +184,7 @@ enum strict_rtp_mode {
 #define DEFAULT_STRICT_RTP STRICT_RTP_YES	/*!< Enabled by default */
 #define DEFAULT_SRTP_REPLAY_PROTECTION 1
 #define DEFAULT_ICESUPPORT 1
+#define DEFAULT_STUN_SOFTWARE_ATTRIBUTE 1
 #define DEFAULT_DTLS_MTU 1200
 
 extern struct ast_srtp_res *res_srtp;
@@ -211,6 +212,7 @@ static int dtls_mtu = DEFAULT_DTLS_MTU;
 #endif
 #ifdef HAVE_PJPROJECT
 static int icesupport = DEFAULT_ICESUPPORT;
+static int stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 static struct sockaddr_in stunaddr;
 static pj_str_t turnaddr;
 static int turnport = DEFAULT_TURN_PORT;
@@ -1652,6 +1654,9 @@ static void ast_rtp_ice_turn_request(struct ast_rtp_instance *instance, enum ast
 	}
 
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, rtp->ioqueue->ioqueue, rtp->ioqueue->timerheap);
+	if (!stun_software_attribute) {
+		stun_config.software_name = pj_str(NULL);
+	}
 
 	/* Use ICE session group lock for TURN session to avoid deadlock */
 	pj_turn_sock_cfg_default(&turn_sock_cfg);
@@ -3766,6 +3771,9 @@ static int ice_create(struct ast_rtp_instance *instance, struct ast_sockaddr *ad
 	pj_thread_register_check();
 
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, NULL, timer_heap);
+	if (!stun_software_attribute) {
+		stun_config.software_name = pj_str(NULL);
+	}
 
 	ufrag = pj_str(rtp->local_ufrag);
 	passwd = pj_str(rtp->local_passwd);
@@ -9374,6 +9382,7 @@ static int rtp_reload(int reload, int by_external_config)
 
 #ifdef HAVE_PJPROJECT
 	icesupport = DEFAULT_ICESUPPORT;
+	stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 	turnport = DEFAULT_TURN_PORT;
 	memset(&stunaddr, 0, sizeof(stunaddr));
 	turnaddr = pj_str(NULL);
@@ -9449,6 +9458,9 @@ static int rtp_reload(int reload, int by_external_config)
 	if ((s = ast_variable_retrieve(cfg, "general", "icesupport"))) {
 		icesupport = ast_true(s);
 	}
+	if ((s = ast_variable_retrieve(cfg, "general", "stun_software_attribute"))) {
+		stun_software_attribute = ast_true(s);
+	}
 	if ((s = ast_variable_retrieve(cfg, "general", "stunaddr"))) {
 		stunaddr.sin_port = htons(STANDARD_STUN_PORT);
 		if (ast_parse_arg(s, PARSE_INADDR, &stunaddr)) {