Specifications
Configuring Security Features
Step 1: The IP phone sends a “Client Hello” message proposing SSL options.
Step 2: The server responds with a “Server Hello” message selecting the SSL options, sends its
public key information in a “Server Key Exchange” message and concludes its part of the
negotiation with a “Server Hello Done” message.
Step 3: The IP phone sends session key information (encrypted with the server’s public key) in the
“Client Key Exchange” message.
Step 4: The server sends a “Change Cipher Spec” message to activate the negotiated
options for all future messages it will send.
IP phones can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for an
account, the SIP messages of this account are encrypted, and a lock icon appears
on the LCD screen after a successful TLS negotiation.
Certificates
The IP phone can serve as a TLS client or a TLS server. TLS requires the following
security certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the
IP phone should verify the certificate sent by the server to decide whether it is
trusted based on the trusted certificates list. The IP phone has 30 built-in trusted
certificates. You can upload 10 custom certificates at most. The format of the
trusted certificate files must be *.pem, *.cer, *.crt or *.der.
Server Certificate: When other clients request a TLS connection with the IP
phone, the IP phone sends the server certificate to the clients for authentication.
The IP phone has one built-in server certificate. You can only upload one server
certificate to the IP phone. The old server certificate will be overridden by the new
one. The format of the server certificate files must be *.pem or *.cer.
You can specify whether the IP phone authenticates the server certificate based on the
trusted certificates list. The trusted certificates list and the server certificates list contain
the default and custom certificates. You can specify the type of certificates the IP
phone accepts: default certificates, custom certificates, or all certificates. The Common
Name Validation feature requires the IP phone to validate the common
name of the certificate sent by the connecting server.
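A pre-upload check for the certificate file rules listed above, as an added example that is not part of the original guide or the phone's firmware. The function names and sample bytes are constructed for illustration, and the check covers only the file extension, the custom-certificate count and PEM/DER framing, not the X.509 contents.

```python
import base64
import re
from pathlib import PurePath

# Extensions and the custom-certificate limit are the ones stated in this section.
ALLOWED_EXT = {"trusted": {".pem", ".cer", ".crt", ".der"},
               "server": {".pem", ".cer"}}
MAX_CUSTOM_TRUSTED = 10
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a minimal DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def der_framing_ok(der):
    """True if der is one DER SEQUENCE whose length field spans the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_upload(role, filename, data, custom_trusted_count=0):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    ext = PurePath(filename).suffix.lower()
    if ext not in ALLOWED_EXT[role]:
        problems.append(f"extension {ext or '(none)'} not accepted for {role} certificate")
    if role == "trusted" and custom_trusted_count >= MAX_CUSTOM_TRUSTED:
        problems.append("custom trusted certificate limit reached")
    match = PEM_CERT.search(data)
    if match:                              # PEM: strip armor, decode base64 body
        try:
            der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        except ValueError:
            der = b""
    else:                                  # otherwise treat the file as raw DER
        der = data
    if not der_framing_ok(der):
        problems.append("content is not PEM- or DER-framed certificate data")
    return problems
```

Pass `role` as `"trusted"` or `"server"`; a DER-encoded file named `*.der` passes for the trusted list but is reported for the server certificate slot, which accepts only `*.pem` and `*.cer`.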
Procedure