User's Manual
How the IP Deskphone uses TLS
Transport Layer Security (TLS) is a protocol for establishing a secure connection between two
end points. After a connection is established using TCP, TLS negotiates the cryptographic
parameters used to secure the traffic that is sent over that connection. TLS, public key
cryptography, and X.509 certificates provide either mutual or server authentication.
• Mutual authentication occurs when both the client and the server have public key
certificates assigned; these certificates are used during the TLS handshake to validate the
identity of both communicating parties. Both the server certificate and the end point device
certificate are signed by well-known trusted certificate authorities.
• Server authentication occurs when only the server has a certificate signed by a certificate
authority. The certificate is used only by the client, to validate the identity of the server it
is connected to. After the TLS connection is established, the server can identify the IP
Deskphone through a user name and password.
How TLS impacts SIP
TLS impacts SIP in the following ways:
• URIs – contain transport parameters used to indicate the preferred method of contact.
For example,
Contact: Bob<sip:bob@company.com;transport=tls>
Important:
A transport parameter of TLS indicates that the server or client prefers TLS to be used
for communication.
SIP Software Release 4.0 and later adds transport=tls to the contact header when using
TCP or TLS.
• Via header – contains the transport protocol used to send a request. For example,
Via: SIP/2.0/TLS bob.company.com;....;alias
If a connection attempt fails, the IP Deskphone falls back to the next allowed protocol. To
prevent the IP Deskphone from falling back to an insecure protocol, enable only TLS.
The order of preference for protocols is always: TLS, TCP, and UDP.
You must enable the SIP TLS Listening port for incoming TLS connections to be made.
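The following example is added here for illustration and is not part of the Avaya software or this manual. It shows, in Python, the two header conventions described above (the transport parameter in a Contact URI and the sent-protocol in a Via header) together with the documented preference order TLS, TCP, UDP: given the set of transports an administrator has enabled, it lists the order in which a fallback would occur and flags whether a failed TLS attempt could end on a cleartext transport. The header strings are constructed sample values, and the function names are the example's own.

```python
"""Added example (not Avaya's code): parse the transport from SIP Contact and Via
headers, and model the deskphone's documented fallback order TLS > TCP > UDP
against the set of transports that are enabled."""
import re
from typing import Iterable, List, Optional

# Documented order of preference for the IP Deskphone (most to least preferred).
PREFERENCE = ("TLS", "TCP", "UDP")

# Matches either an angle-bracketed URI "<sip:...>" or a bare "sip:..." URI.
_URI_RE = re.compile(r"<(?P<uri>sips?:[^>]*)>|(?P<bare>sips?:\S+)")

# Matches the sent-protocol of a Via header, e.g. "Via: SIP/2.0/TLS host;...".
_VIA_RE = re.compile(r"\s*(?:Via|v)\s*:\s*SIP/2\.0/([A-Za-z]+)", re.IGNORECASE)


def contact_transport(header: str) -> Optional[str]:
    """Return the upper-cased transport parameter of a Contact header, or None
    when the URI carries no transport parameter."""
    m = _URI_RE.search(header)
    if not m:
        return None
    uri = m.group("uri") or m.group("bare")
    # URI parameters follow the first ';' and are 'name=value' pairs.
    for param in uri.split(";")[1:]:
        name, _, value = param.partition("=")
        if name.strip().lower() == "transport" and value:
            return value.strip().upper()
    return None


def via_transport(header: str) -> Optional[str]:
    """Return the upper-cased transport named in a Via header's sent-protocol."""
    m = _VIA_RE.match(header)
    return m.group(1).upper() if m else None


def fallback_order(enabled: Iterable[str]) -> List[str]:
    """Transports the phone would try, in documented preference order, limited
    to those that are enabled. Unknown names are ignored."""
    enabled_up = {e.upper() for e in enabled}
    return [p for p in PREFERENCE if p in enabled_up]


def downgrade_possible(enabled: Iterable[str]) -> bool:
    """True if a failed TLS attempt could lead the phone to a cleartext
    transport (TCP or UDP) because that transport is also enabled."""
    return any(p != "TLS" for p in fallback_order(enabled))


if __name__ == "__main__":
    # Constructed sample headers, modelled on the manual's examples.
    contact = "Contact: Bob<sip:bob@company.com;transport=tls>"
    via = "Via: SIP/2.0/TLS bob.company.com;branch=z9hG4bKsample;alias"
    print("Contact transport:", contact_transport(contact))
    print("Via transport:    ", via_transport(via))
    for enabled in ({"TLS", "TCP", "UDP"}, {"TLS"}):
        print(sorted(enabled), "->", fallback_order(enabled),
              "downgrade possible:", downgrade_possible(enabled))
```

Running the script prints the fallback list for an all-transports configuration (TLS, TCP, UDP, downgrade possible) beside a TLS-only configuration (TLS alone, no downgrade), which is the configuration the manual recommends when the phone must never fall back to an insecure protocol.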
Security
224 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012
Comments? infodev@avaya.com