Yealink Forums

Full Version: HTTPS/SSL Error
Hi Navok,

T21P_E2 runs on V80.
For T21P, you can send the request for SHA256 to our local distributor in Russia.

Regards,
James
Hi Yealink_James,
thanks for your reply.
We use T21P, not T21P_E2.
Unfortunately, due to legal restrictions, the Russian distributor excludes SRTP encryption from the firmware; that's why we are using the international firmware, not the Russian one.
So, if the Russian distributor helps us with SHA256, we will have phones without SRTP.
Hi Navok,

We will send the request to add SHA256 to our product department. They will collect all requests and consider adding it in a new release.
Currently, please use SHA1.

Regards,
James
Hi! I downgraded my certificates to SHA1 and received the following error with option "CommonName Validation" activated:
Apr 16 11:24:37 SIP [239]: SDL <6+info > [000] tls_connect: remote certificate: subject:/serialNumber=Qsdfsdfsdfsdf0B4YG5bOGJak/OU=GT01975439/OU=See http://www.geotrust.com/resources/cps ©15/OU=Domain Control Validated - QuickSSL® Premium/CN=example.com
Apr 16 11:24:37 SIP [239]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
Apr 16 11:24:37 SIP [239]: SDL <3+error > [000] Common name and subject alt name doesn't match host name
Apr 16 11:24:38 SIP [239]: SDL <5+notice> [000] common_name:example.com subject_alt_name:
Apr 16 11:24:38 SIP [239]: SDL <6+info > [000] Message sent: (to dest=10.0.0.29:5061)

I changed the domain name and IP addresses in this log for security reasons.
If I disable the "CommonName Validation" option, everything works OK.
It looks like the phone is trying to verify whether the common name AND the subject name in the certificate are equal to the hostname; if so, it works OK, and if this pair is not equal to the hostname, it gives an error. But in our certificate there is no Subject name, because it is Quick SSL (not Quick SSL Premium). Can we change the algorithm so that the phone compares the common name in the certificate with the hostname (without subject name verification)?
Hi! Can Yealink support answer my question?
Hi Navok,

Sorry for the late reply. The phone won't match both the common name and subject name.
If one of them matches the host name, then the authentication passes.

Can you check whether the common name matches your SIP server address?

Regards,
James
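
The matching rule described in the reply above (validation passes if either the common name or a subject alt name matches the host name), applied to the notice line from the posted syslog. This is an added example, not Yealink firmware code and not part of any post; the SAN separator, the case-insensitive comparison and the single-label wildcard handling are assumptions that go beyond what the thread states.

```python
import re

# Matches the phone's notice line, e.g.
# "... SDL <5+notice> [000] common_name:example.com subject_alt_name:"
NOTICE_RE = re.compile(r"common_name:(?P<cn>\S*)\s+subject_alt_name:(?P<san>.*)$")

def parse_notice(line):
    """Return (common_name, [subject_alt_names]) from a notice line, or None."""
    m = NOTICE_RE.search(line.strip())
    if not m:
        return None
    # Assumption: several SAN entries, if logged, are comma- or space-separated.
    sans = [s for s in re.split(r"[,\s]+", m.group("san").strip()) if s]
    return m.group("cn"), sans

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()

def name_matches(pattern, host):
    """Exact match, or a left-most '*' wildcard covering exactly one label."""
    pattern, host = _norm(pattern), _norm(host)
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host

def validate(configured_host, cn, sans):
    """Pass if the CN or any SAN entry matches the configured server address."""
    candidates = ([cn] if cn else []) + list(sans)
    return any(name_matches(c, configured_host) for c in candidates)

# Notice line from the thread's log (values already anonymised by the poster).
LOG_LINE = ("Apr 16 11:24:38 SIP [239]: SDL <5+notice> [000] "
            "common_name:example.com subject_alt_name:")

def check(configured_host, line=LOG_LINE):
    parsed = parse_notice(line)
    if parsed is None:
        raise ValueError("no common_name/subject_alt_name fields in line")
    cn, sans = parsed
    return validate(configured_host, cn, sans)

if __name__ == "__main__":
    # Constructed candidates for the server address configured on the phone.
    for host in ("example.com", "EXAMPLE.com.", "10.0.0.29", "sip.example.com"):
        print(f"{host:18} -> {'match' if check(host) else 'MISMATCH'}")
```

The value passed as `configured_host` must be the server address exactly as entered on the phone; a certificate issued for a DNS name will not match an account configured with an IP address or a different host label.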
Yes, the common name and SIP server domain name are exactly the same.
Can you please send us the certificate info, SIP server screenshot and the syslog you got? We will have a check.

Thanks,
James
Hello James
Due to the deprecation of SHA1, there are a lot of T21, T22, T26 and T28 and W52P.
When will they be enabled to support SHA256?

This has to be a consideration.

Regards