Configuring Security Features

EXP1024-RC4-SHA
EXP1024-RC4-MD5
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC4-MD5

The following figure illustrates the TLS messages exchanged between the endpoint and the TLS server to establish an encrypted communication channel:

Step 1: The endpoint sends a "Client Hello" message proposing SSL options.

Step 2: The server responds with a "Server Hello" message selecting the SSL options, sends its public key information in a "Server Key Exchange" message and concludes its part of the negotiation with a "Server Hello Done" message.

Step 3: The endpoint sends key session information (encrypted by the server's public key) in the "Client Key Exchange" message.

Step 4: The server sends a "Change Cipher Spec" message to activate the negotiated options for all future messages it will send.

The endpoint can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for the SIP account, the messages of the SIP account will be encrypted after the successful TLS negotiation.

Certificates

The endpoint can serve as a TLS client or a TLS server. TLS requires the following security certificates to perform the TLS handshake:

• Trusted Certificate: When the endpoint requests a TLS connection with a server, the endpoint should verify the certificate sent by the server to decide whether it is trusted based on the trusted certificates list. The endpoint has 30 built-in trusted certificates. You can upload up to 10 custom certificates to the endpoint. The format of the certificates must be *.pem, *.cer, *.crt or *.der. For more information on the 30 trusted certificates, refer to Appendix B: Trusted Certificates on page 250.

• Server Certificate: When clients request a TLS connection with the endpoint, the endpoint sends the server certificate to the clients for authentication. The endpoint has two types of built-in server certificates: a unique server certificate and a