Configuring Security Features
135
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC4-SHA
EXP1024-RC4-MD5
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC4-MD5
The following figure illustrates the TLS messages exchanged between the system and
TLS server to establish an encrypted communication channel:
Step1: The system sends ―Client Hello‖ message proposing SSL options.
Step2: Server responds with ―Server Hello‖ message selecting the SSL options, sends its
public key information in ―Server Key Exchange‖ message and concludes its part of the
negotiation with ―Server Hello Done‖ message.
Step3: The system sends key session information (encrypted by server‘s public key) in
the ―Client Key Exchange‖ message.
Step4: Server sends ―Change Cipher Spec‖ message to activate the negotiated options
for all future messages it will send.
The system can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for the
SIP account, the message of the SIP account will be encrypted after the successful TLS
negotiation.
Certificates
The system can serve as a TLS client or a TLS server. The TLS requires the following
security certificates to perform the TLS handshake:
Trusted Certificate: When the system requests a TLS connection with a server, the
system should verify the certificate sent by the server to decide whether it is trusted
based on the trusted certificates list. The system has 30 built-in trusted certificates.
You can upload up to 10 custom certificates to the system. The format of the
certificates must be *.pem, *.cer, *.crt and *.der. For more information on 30 trusted
To Next Page
Loading...
