Yealink Forums

Full Version: HTTPS/SSL Error
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Hi Navok,

T21P_E2 run on V80.
To T21P you can send the request of sha256 to our local distributor in Russia.

Hi Yealink_James,
thanks for your reply.
We uses T21P, not T21P_E2.
Unfortunately, due to law restrictions, russian distributor excluding from firmware SRTP-encryption, that's why we using international firmware, not russian.
So, if russian distributor help us with sha256, we will have phones without srtp
Hi Navok,

We will send the request of adding SHA256 to our product department. They will collect all requests and consider adding it in new relase.
Currently plesae use sha1.

Hi! I downgraded my certificates to SHA1 and received the following error with option "CommonName Validation" activated:
Apr 16 11:24:37 SIP [239]: SDL <6+info > [000] tls_connect: remote certificate: subject:/serialNumber=Qsdfsdfsdfsdf0B4YG5bOGJak/OU=GT01975439/OU=See ©15/OU=Domain Control Validated - QuickSSL® Premium/
Apr 16 11:24:37 SIP [239]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
Apr 16 11:24:37 SIP [239]: SDL <3+error > [000] Common name and subject alt name doesn't match host name
Apr 16 11:24:38 SIP [239]: SDL <5+notice> [000] subject_alt_name:
Apr 16 11:24:38 SIP [239]: SDL <6+info > [000] Message sent: (to dest=

Domain name and IP addresses I changed in this log due to security reasons.
If I disable this option "CommonName Validation" everything goes OK.
It looks like phone trying to verify, if common name AND subject name in certificate equalent hostname, then it works OK, if this pair doesn't equalent to hostname, then it give error. But in our certificate there are no Subject name, because it is Quick SSL (not Quick SSL Premium). Can we change algorithm so, that phone will compare common name in certificate and hostname (without subject name verification) ?
Hi! Can Yealink-support answer to my question ?
Hi Navok,

Sorry for the late. Phone won't match both the common name and subject name.
If one of them match the host name then the authentication pass.

Can you check whether the common name match your sip server address?

Yes, common name and sip server domain name are exactly the same
Can you please send the certificate info, sip server screenshot and the syslog you got to us? Will have a check.

Hello James
Due to the depreciation of sha1, there are a lot of t21,t22,t26 and t28 and w52p.
When will the be enabled to support sha256.

This has to be a consideration.

Pages: 1 2
Reference URL's