Installation guide

Administrator Level Options
41-001561-00 REV00 – 10.2014 3-47
TLS Support
The IP Phones support a transport protocol called Transport Layer Security (TLS) and Persistent TLS. TLS is a protocol
that ensures communication privacy between the SIP phones and the Internet. TLS ensures that no third party may eaves-
drop or tamper with any message. An Administrator can configure the following parameters for TLS Support.
Parameter In
IP Phone UI
Parameter in
Mitel Web UI
Parameters in Configura-
tion Files
Description
N/A Transport Protocol sip transport protocol Specifies the protocol that the IP phone uses to send out SIP messages.
Default is UDP.
Notes:
If you set the value of this parameter to 4 (TLS), the phone checks to see
if the “sips persistent tls” is enabled. If it is enabled, the phone uses Per-
sistent TLS on the connection. If “sips persistent tls” is disabled, then
the phone uses TLS on the connection. If TLS is used, you must specify
the Root and Intermediate Certificates, the Local Certificate, the Private
Key, and the Trusted Certificates.
If the phone uses Persistent TLS, you MUST specify the Trusted Certifi-
cates; the Root and Intermediate Certificates, the Local Certificate, and
the Private Key are optional.
For more information, see Chapter 6, the section, “Transport Layer Secu-
rity (TLS)” on page6-15.
N/A N/A sips persistent tls Enables or disables the use of Persistent Transport Layer Security (TLS).
Persistent TLS sets up the connection to the server once and re-uses that
connection for all calls from the phone. The setup connection for Persist-
ent TLS is established during the registration of the phone. If the phones
are set to use Persistent TLS, and a call is made from the phone, this call
and all subsequent calls use the same authenticated connection. This sig-
nificantly reduces the delay time when placing a call.
Notes:
There can be only one persistent TLS connection created per phone.
If you configure the phone to use Persistent TLS, you must also specify
the Trusted Certificate file to use. The Root and Intermediate Certifi-
cates, Local Certificate, and Private Key files are optional.
For more information, see Chapter 6, the section, “Transport Layer Secu-
rity (TLS)” on page6-15.
NA NA sip persistent tls keep alive Allows you to configure the keep-alive feature for persistent TLS connec-
tions only. When this feature is configured, the phone will send keep-alive
pings to the proxy server at configured intervals.
The keep-alive feature for persistent TLS connections performs the fol-
lowing functionalities:
After a persistent TLS connection is established or re-established, acti-
vate the keep-alive, which will send CRLF to peer periodically.
The phone will retry the connection automatically when a persistent
TLS connection is down.
When a persistent TLS connection is re-established (primary is up or
primary is down and backup is up), refresh registration of the accounts
associated with the connection.
When a persistent TLS connection to primary is down, switch to
backup if connection to backup is working.
NA NA sip send sips over tls Allows administrators the ability to manually configure the IP phones to
use either the SIP or SIPS URI scheme when TLS or persistent TLS is ena-
bled.
For more information, see Chapter 6, the section, “Transport Layer Secu-
rity (TLS)” on page6-15.