Configuring Security Features

This chapter provides information for making configuration changes for the following security-related features:

• Transport Layer Security
• Secure Real-Time Transport Protocol
• Encrypting Configuration Files

Note: To use these features correctly, we recommend that IP phones running firmware version 71 or later are NOT downgraded to an earlier firmware version.

Transport Layer Security

TLS is a commonly used protocol for providing communications privacy and managing the security of message transmission. It allows IP phones to communicate with other remote parties and to connect to the HTTPS URL for provisioning in a way that is designed to prevent eavesdropping and tampering.

The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol carries out the actual data transmission and ensures the integrity and privacy of the data. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before any data is exchanged.

The TLS protocol uses asymmetric encryption for authentication of the key exchange, symmetric encryption for confidentiality, and message authentication codes for integrity.

• Symmetric encryption: For symmetric encryption, the encryption key and the corresponding decryption key can be derived from each other. In most cases, the encryption key is the same as the decryption key.
• Asymmetric encryption: For asymmetric encryption, each user has a pair of cryptographic keys – a public encryption key and a private decryption key. Information encrypted by the public key can only be decrypted by the corresponding private key, and vice versa. Usually, the receiver keeps its private key. The public key is known by the sender, so the sender sends the information encrypted by the known public key, and the receiver then uses the private key to decrypt it.

IP phones support TLS version 1.0.

A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms used
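The paragraphs above describe a cipher suite as a named bundle of the three mechanisms TLS relies on: asymmetric algorithms for key exchange and authentication, a symmetric cipher for confidentiality, and a MAC for integrity. The following Python script is an added illustration, not code from the phone firmware or from the vendor's documentation: it splits standard cipher suite names into those roles and flags suites built on components that are widely deprecated, which is the kind of check an administrator would apply to the list a provisioning server is allowed to offer. The list of weak components is constructed for this example.

```python
"""Parse TLS cipher suite names into the roles described in the text.

A name such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 names four things:
  ECDHE        key exchange    (asymmetric, agrees the session key)
  RSA          authentication  (asymmetric, proves the server's identity)
  AES_128_GCM  bulk cipher     (symmetric, confidentiality of records)
  SHA256       MAC / PRF hash  (integrity of records and the handshake)
Added example; not code from the phone firmware or its vendor.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class CipherSuite:
    name: str
    key_exchange: Optional[str]    # None for TLS 1.3 suites (negotiated separately)
    authentication: Optional[str]  # None for TLS 1.3 suites
    bulk_cipher: str
    mac: str                       # for AEAD suites this is the PRF/HKDF hash
    export: bool                   # 1990s export-grade (deliberately weakened) suite


# Constructed deny-lists for this example, following common deprecation guidance.
WEAK_CIPHERS = {"NULL", "RC4_128", "RC4_40", "DES_CBC", "DES40_CBC", "3DES_EDE_CBC"}
WEAK_MACS = {"MD5", "NULL"}
WEAK_AUTH = {"anon", "NULL"}


def parse_cipher_suite(name: str) -> CipherSuite:
    """Split an IANA-style cipher suite name into key exchange, auth, cipher and MAC."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS cipher suite name: {name!r}")
    body = name[len("TLS_"):]
    export = False
    if "_WITH_" in body:
        # Classic (TLS 1.0-1.2) form: TLS_<kex>[_<auth>][_EXPORT]_WITH_<cipher>_<mac>
        kx_auth, rest = body.split("_WITH_", 1)
        parts = kx_auth.split("_")
        if "EXPORT" in parts:
            export = True
            parts = [p for p in parts if p != "EXPORT"]
        key_exchange = parts[0]
        # TLS_RSA_WITH_... uses RSA for both key transport and authentication.
        authentication = "_".join(parts[1:]) if len(parts) > 1 else parts[0]
    else:
        # TLS 1.3 form: TLS_<cipher>_<hash>; kex and auth are signalled elsewhere.
        key_exchange = authentication = None
        rest = body
    bulk_cipher, mac = rest.rsplit("_", 1)
    return CipherSuite(name, key_exchange, authentication, bulk_cipher, mac, export)


def describe(suite: CipherSuite) -> Dict[str, object]:
    """Map the suite's components onto the three mechanisms named in the text."""
    return {
        "asymmetric": [c for c in (suite.key_exchange, suite.authentication) if c],
        "symmetric": suite.bulk_cipher,
        "integrity": suite.mac,
    }


def is_weak(suite: CipherSuite) -> bool:
    """True if any component is on the constructed deny-lists or the suite is export-grade."""
    return (
        suite.export
        or suite.bulk_cipher in WEAK_CIPHERS
        or suite.mac in WEAK_MACS
        or suite.authentication in WEAK_AUTH
    )


def filter_suites(names: List[str]) -> Tuple[List[str], List[str]]:
    """Partition suite names into (allowed, rejected) for an allow-list review."""
    allowed, rejected = [], []
    for n in names:
        (rejected if is_weak(parse_cipher_suite(n)) else allowed).append(n)
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample list, as a server might offer it.
    sample = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
        "TLS_AES_128_GCM_SHA256",
    ]
    for n in sample:
        s = parse_cipher_suite(n)
        print(f"{n:40s} weak={is_weak(s)} {describe(s)}")
```

Run it directly to see each sample suite broken into its asymmetric, symmetric and integrity parts alongside the weak/strong verdict; `filter_suites` is the function to call from a configuration check, since it returns the two lists rather than printing them.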