Administrator’s Guide for SIP-T2 Series/T19(P) E2/T4 Series IP Phones
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
The following figure illustrates the TLS messages exchanged between the IP phone and TLS
server to establish an encrypted communication channel:
Step 1: IP phone sends “Client Hello” message proposing SSL options.
Step 2: Server responds with “Server Hello” message selecting the SSL options, sends its public
key information in “Server Key Exchange” message and concludes its part of the negotiation
with “Server Hello Done” message.
Step 3: IP phone sends session key information (encrypted by server’s public key) in the “Client
Key Exchange” message.
Step 4: Server sends “Change Cipher Spec” message to activate the negotiated options for all
future messages it will send.
IP phones can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for an account, the
SIP messages of this account are encrypted, and a lock icon appears on the LCD screen after
successful TLS negotiation.
Certificates
The IP phone can serve as a TLS client or a TLS server. TLS requires the following security
certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the IP
phone should verify the certificate sent by the server to decide whether it is trusted based
on the trusted certificates list. The IP phone has 74 built-in trusted certificates. You can
upload 10 custom certificates at most. The format of the trusted certificate files must be
*.pem, *.cer, *.crt or *.der and the maximum file size is 5MB. For more information on the 74
trusted certificates, refer to Appendix C: Trusted Certificates on page 946.
Server Certificate: When clients request a TLS connection with the IP phone, the IP phone
sends the server certificate to the clients for authentication. The IP phone has two types of
built-in server certificates: a unique server certificate and a generic server certificate. You
can only upload one server certificate to the IP phone. The old server certificate will be
overwritten by the new one. The format of the server certificate files must be *.pem or
*.cer and the maximum file size is 5MB.
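
A pre-upload check for the file constraints listed above, as an added example that is not part of the original guide or the vendor's tooling: it checks the extension allowed for each certificate type, the 5MB limit, and that the content is structurally PEM or DER. The function names, the reading of 5MB as 5 x 1024 x 1024 bytes, and the constructed sample bytes are assumptions; the check is structural only and does not verify signatures or trust.

```python
import base64, os, re, tempfile

MAX_BYTES = 5 * 1024 * 1024   # "5MB" from the guide; binary megabytes assumed
ALLOWED_EXT = {"trusted": {".pem", ".cer", ".crt", ".der"}, "server": {".pem", ".cer"}}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed sample: a minimal ASN.1 SEQUENCE standing in for a certificate body.
SAMPLE_DER = bytes.fromhex("3003020101")

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def check_cert_file(path: str, kind: str) -> list:
    """Return a list of problems for a 'trusted' or 'server' file; empty means pass."""
    problems = []
    ext = os.path.splitext(path)[1].lower()
    if ext not in ALLOWED_EXT[kind]:
        problems.append(f"extension {ext or '(none)'} not accepted for {kind} certificate")
    size = os.path.getsize(path)
    if size > MAX_BYTES:                  # do not read oversized files
        return problems + [f"file is {size} bytes, limit is {MAX_BYTES}"]
    with open(path, "rb") as fh:
        data = fh.read()
    blocks = PEM_RE.findall(data)         # no PEM armor found: treat as raw DER
    try:
        ders = [base64.b64decode(b"".join(b.split()), validate=True) for b in blocks] or [data]
    except ValueError:
        return problems + ["PEM body is not valid base64"]
    if not all(der_sequence_ok(d) for d in ders):
        problems.append("content is not a well-formed PEM/DER certificate structure")
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "ca.der")
        with open(p, "wb") as fh:
            fh.write(SAMPLE_DER)
        print(check_cert_file(p, "trusted"), check_cert_file(p, "server"))
```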