Configuring Security Features

This chapter provides information for making configuration changes for the following security-related features:

• Transport Layer Security
• Secure Real-Time Transport Protocol
• Encrypting Configuration Files

The TLS protocol is a commonly used protocol for providing communications privacy and managing the security of message transmission. TLS allows IP phones to communicate with other remote parties and connect to the HTTPS URL for provisioning in a way that is designed to prevent eavesdropping and tampering.

The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol completes the actual data transmission and ensures the integrity and privacy of the data. The TLS Handshake Protocol allows the server and client to authenticate each other and negotiate an encryption algorithm and cryptographic keys before data is exchanged.

The TLS protocol uses asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

• Symmetric encryption: For symmetric encryption, the encryption key and the corresponding decryption key can be derived from each other. In most cases, the encryption key and the decryption key are the same.
• Asymmetric encryption: For asymmetric encryption, the decryption key cannot be derived from the encryption key, and vice versa. Each user has a pair of cryptographic keys: a public encryption key and a private decryption key. The information encrypted by the public key can only be decrypted by the corresponding private key and vice versa. Usually, the receiver keeps its private key. The public key is known by the sender, so the sender sends the information encrypted by the known public key, and then the receiver uses the private key to decrypt it.
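How the Record Protocol's message authentication code detects tampering, as an added example that is not part of the original guide: it computes the TLS 1.2 record MAC (HMAC over sequence number, type, version, length and fragment, as defined in RFC 5246) using HMAC-SHA256. The key and messages are constructed samples, the class and function names are hypothetical, and encryption of the record is left out so that only the integrity check is shown.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS ContentType value for application data
TLS_1_2 = (3, 3)        # version bytes carried in a TLS 1.2 record
TAG_LEN = hashlib.sha256().digest_size

def record_mac(mac_key: bytes, seq_num: int, fragment: bytes) -> bytes:
    """HMAC-SHA256 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, APPLICATION_DATA, *TLS_1_2, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

class Sender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, fragment: bytes) -> bytes:
        tag = record_mac(self.mac_key, self.seq, fragment)
        self.seq += 1               # implicit counter, never sent on the wire
        return fragment + tag

class Receiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def verify(self, record: bytes) -> bytes:
        """Return the fragment, or raise ValueError if the MAC does not match."""
        fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = record_mac(self.mac_key, self.seq, fragment)
        if len(record) < TAG_LEN or not hmac.compare_digest(tag, expected):
            raise ValueError("bad_record_mac")
        self.seq += 1               # advance only after a valid record
        return fragment

def accepted(rx: Receiver, record: bytes) -> bool:
    try:
        rx.verify(record)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    key = bytes(range(32))          # constructed key; TLS derives it in the handshake
    tx, rx = Sender(key), Receiver(key)
    first, second = tx.protect(b"constructed message 1"), tx.protect(b"constructed message 2")
    flipped = bytes([second[0] ^ 1]) + second[1:]
    for name, rec in [("first", first), ("tampered", flipped), ("replayed", first), ("second", second)]:
        print(name, "accepted" if accepted(rx, rec) else "rejected")
```

In TLS a bad_record_mac alert is fatal and ends the connection; the receiver here keeps going only so that several cases can be shown in one run.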