
Avaya 9600 Series Installing And Administering

Avaya 9600 Series
268 pages
Note:
Identities containing a wildcard are not supported and do not match. For example,
*.domain.com in the certificate will not match a connection to hostname.domain.com.
In addition, all SIP-TLS connections also verify that the SIP domain configured on the phone is
present in the SIP server certificate as per RFC 5922.
The phone checks for a SIP domain match with the following in the specified order until a match is
found:
1. Field of type URI in the SAN extension.
2. Field of type DNSName in the SAN extension and there is no URI field in the list of SAN
extensions.
3. Full content of one field in the CN and there is no URI field in the list of SAN extensions.
Note:
Only full matches are allowed. For example, a configured SIP domain of sipdomain.com will
not match a SAN DNSName containing proxy1.sipdomain.com.
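The matching order and the full-match rule above can be modeled as follows. This is an added example, not Avaya firmware code: the function names, the sip:/sips: host extraction and the case-insensitive comparison are assumptions, and the certificate fields are constructed sample values.

```python
# Added illustration: models the matching order described above; not Avaya firmware code.

def sip_uri_host(uri):
    """Host of a sip:/sips: URI, or None for other schemes (assumed parsing)."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() not in ("sip", "sips"):
        return None
    rest = rest.rsplit("@", 1)[-1]                  # drop userinfo
    rest = rest.split(";", 1)[0].split("?", 1)[0]   # drop parameters and headers
    return rest.split(":", 1)[0] or None            # drop port (IPv6 literals not handled)


def same_domain(identity, sip_domain):
    """Full match only; an identity containing a wildcard never matches."""
    if not identity or "*" in identity:
        return False
    return identity.lower() == sip_domain.lower()   # case-insensitivity is an assumption


def match_sip_domain(sip_domain, san_uris, san_dns_names, subject_cns):
    """Return the field type that matched ('URI', 'DNSName', 'CN') or None."""
    if san_uris:
        # Any URI entry in the SAN rules out the DNSName and CN steps.
        hosts = (sip_uri_host(u) for u in san_uris)
        return "URI" if any(same_domain(h, sip_domain) for h in hosts) else None
    if any(same_domain(d, sip_domain) for d in san_dns_names):
        return "DNSName"
    if any(same_domain(c, sip_domain) for c in subject_cns):
        return "CN"
    return None


# Constructed certificates: (SAN URIs, SAN DNSNames, subject CNs)
CONSTRUCTED_CERTS = {
    "uri-match": (["sip:sipdomain.com"], ["proxy1.sipdomain.com"], []),
    "subdomain-only": ([], ["proxy1.sipdomain.com"], ["proxy1.sipdomain.com"]),
    "uri-blocks-dns": (["sip:other.example"], ["sipdomain.com"], ["sipdomain.com"]),
    "wildcard-then-cn": ([], ["*.sipdomain.com"], ["sipdomain.com"]),
}

if __name__ == "__main__":
    for name, fields in CONSTRUCTED_CERTS.items():
        print(name, "->", match_sip_domain("sipdomain.com", *fields))
```

The "uri-blocks-dns" case is the one to check when a server certificate is rejected unexpectedly: a matching DNSName or CN is not consulted once the SAN carries any URI entry.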
FIPS mode
The Federal Information Processing Standard, or FIPS 140-2, is a computer security standard
used by the U.S. government to approve cryptographic modules. OpenSSL libraries include a set
of cryptographic algorithms compliant with FIPS 140-2, which can be invoked when the library is
initiated in FIPS mode. The parameter FIPS_ENABLED controls the usage of OpenSSL FIPS
certified cryptographic modules. You can set the parameter through the 46xxsettings.txt file
or DHCP option 242. The description of the parameter is as follows:
Parameter name: FIPS_ENABLED
Default value: 0
Description: Specifies whether only FIPS-approved cryptographic algorithms will be supported.
The options are:
0: No restriction on using cryptographic algorithms that are not FIPS-approved.
1: Use only FIPS-approved cryptographic algorithms using embedded FIPS 140-2
validated cryptographic module.
Ensure that the value of the parameter CONFIG_SERVER_SECURE_MODE is set to 1 when the
phone is in FIPS mode.
When you enable FIPS mode, you must disable the following features on the phone:
• SSH Server.
• SCEP certificate enrollment: When a phone runs in FIPS mode, identity certificate enrollment
through SCEP is disabled by the software. If the identity certificate is generated before
FIPS_ENABLED is set to 1, the phone can still use the existing identity certificate after it reboots.
January 2020 Installing and Administering Avaya 9601/9608/9611G/9621G/9641G/9641GS IP
Deskphones SIP 49
