| Security Features | 83
Yealink devices support the following cipher suites:
• DHE-RSA-AES256-SHA
• DHE-DSS-AES256-SHA
• AES256-SHA
• EDH-RSA-DES-CBC3-SHA
• EDH-DSS-DES-CBC3-SHA
• DES-CBC3-SHA
• DES-CBC3-MD5
• DHE-RSA-AES128-SHA
• DHE-DSS-AES128-SHA
• AES128-SHA
• RC2-CBC-MD5
• IDEA-CBC-SHA
• DHE-DSS-RC4-SHA
• RC4-SHA
• RC4-MD5
• RC4-64-MD5
• EXP1024-DHE-DSS-DES-CBC-SHA
• EXP1024-DES-CBC-SHA
• EDH-RSA-DES-CBC-SHA
• EDH-DSS-DES-CBC-SHA
• DES-CBC-SHA
• DES-CBC-MD5
• EXP1024-DHE-DSS-RC4-SHA
• EXP1024-RC4-SHA
• EXP1024-RC4-MD5
• EXP-EDH-RSA-DES-CBC-SHA
• EXP-EDH-DSS-DES-CBC-SHA
• EXP-DES-CBC-SHA
• EXP-RC2-CBC-MD5
• EXP-RC4-MD5
Supported Trusted and Server Certificates
The device can serve as a TLS client or a TLS server. In TLS feature, we use the terms trusted and the
server certificate. These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
• Trusted Certificate: When the device requests a TLS connection with a server, the device should
verify the certificate sent by the server to decide whether it is trusted based on the trusted certificates
list. You can upload 10 custom certificates at most. The format of the trusted certificate files must be
*.pem,*.cer,*.crt, and *.der, and the maximum file size is 5MB.
• Server Certificate: When clients request a TLS connection with the device, the device sends the server
certificate to the clients for authentication. The device has two types of built-in server certificates: a
unique server certificate and a generic server certificate. You can only upload one server certificate
to the device. The old server certificate will be overridden by the new one. The format of the server
certificate files must be *.pem and *.cer, and the maximum file size is 5MB.
• A unique server certificate: It is unique to a device (based on the MAC address) and issued by the
Yealink Certificate Authority (CA).
• A generic server certificate: It is issued by the Yealink Certificate Authority (CA). Only if no unique
certificate exists, the device may send a generic certificate for authentication.
To Next Page
Loading...
