diff --git a/audio/channel_send.cc b/audio/channel_send.cc
index 793a7dd263..040464049a 100644
--- a/audio/channel_send.cc
+++ b/audio/channel_send.cc
@@ -507,7 +507,11 @@ int32_t ChannelSend::SendRtpAudio(AudioFrameType frameType,
   // E2EE Custom Audio Frame Encryption (This is optional).
   // Keep this buffer around for the lifetime of the send call.
   rtc::Buffer encrypted_audio_payload;
-  if (frame_encryptor_ != nullptr) {
+  // We don't invoke encryptor if payload is empty, which means we are to send
+  // DTMF, or the encoder entered DTX.
+  // TODO(minyue): see whether DTMF packets should be encrypted or not. In
+  // current implementation, they are not.
+  if (frame_encryptor_ != nullptr && !payload.empty()) {
     // TODO(benwright@webrtc.org) - Allocate enough to always encrypt inline.
     // Allocate a buffer to hold the maximum possible encrypted payload.
     size_t max_ciphertext_size = frame_encryptor_->GetMaxCiphertextByteSize(
diff --git a/modules/rtp_rtcp/source/rtp_sender_audio.cc b/modules/rtp_rtcp/source/rtp_sender_audio.cc
index 86026ffd92..c54cb91cd8 100644
--- a/modules/rtp_rtcp/source/rtp_sender_audio.cc
+++ b/modules/rtp_rtcp/source/rtp_sender_audio.cc
@@ -224,7 +224,8 @@ bool RTPSenderAudio::SendAudio(AudioFrameType frame_type,
   if (payload_size == 0 || payload_data == NULL) {
     if (frame_type == AudioFrameType::kEmptyFrame) {
       // we don't send empty audio RTP packets
-      // no error since we use it to drive DTMF when we use VAD
+      // no error since we use it to either drive DTMF when we use VAD, or
+      // enter DTX.
       return true;
     }
     return false;