Yealink Forums

Full Version: T46/CP960 don't register on S4B W/ TLS1.2
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Skype for Business On-Prem 2015 Enterprise, with latest CU updates to support TLS 1.2
Phones: CP960, T46S
CP960:
Firmware Version 73.8.0.27
Hardware Version 73.0.0.9.0.0.0

On Skype servers disable all encryption Protocols except TLS1.2 .
Phone does not register!

On Skype servers enable TLS1.0, TLS 1.1, and TLS1.2. use the same Cipher-suites as before.
Phone does register! and works fine.

I have done the same test with an AudioCodes 440HD, and S4B soft client, and it works fine with only TLS1.2 enabled on the server.

In packet capture I observe that for http over TLS traffic the phone uses TLS1.2, but when it uses TLS.sip traffic it falls back to TLS1.0
Below Screencaps were made when TLS1.0, 1.1, and 1.2 are enabled on S4B.
With only TLS1.2 enabled, the phone won't register.

[Image: 2dm72gx.jpg]

[Image: wj9lhe.png]
(10-21-2018 01:51 PM)PtheGr8 Wrote: [ -> ]Skype for Business On-Prem 2015 Enterprise, with latest CU updates to support TLS 1.2
Phones: CP960, T46S
CP960:
Firmware Version 73.8.0.27
Hardware Version 73.0.0.9.0.0.0

On Skype servers disable all encryption Protocols except TLS1.2 .
Phone does not register!

On Skype servers enable TLS1.0, TLS 1.1, and TLS1.2. use the same Cipher-suites as before.
Phone does register! and works fine.

I have done the same test with an AudioCodes 440HD, and S4B soft client, and it works fine with only TLS1.2 enabled on the server.

In packet capture I observe that for http over TLS traffic the phone uses TLS1.2, but when it uses TLS.sip traffic it falls back to TLS1.0
Below Screencaps were made when TLS1.0, 1.1, and 1.2 are enabled on S4B.
With only TLS1.2 enabled, the phone won't register.

[Image: 2dm72gx.jpg]

[Image: wj9lhe.png]


Dear customer,

Greeting from Yealink Travis.

For the issue you reported, please kindly try below solution:
Set parameter below via autoprovision:
account.1.sign_in.register_type=2
That means to use NTLM to register the account.

Any update, freely to let me know.

Regards,
Travis
Hi Travis,
We opened a ticket with support, and they suggested the same.
We tried with
account.1.sign_in.register_type=2
and same behavior; still doesn't work with only TLS1.2 enabled on skype servers.
(11-10-2018 01:35 PM)PtheGr8 Wrote: [ -> ]Hi Travis,
We opened a ticket with support, and they suggested the same.
We tried with
account.1.sign_in.register_type=2
and same behavior; still doesn't work with only TLS1.2 enabled on skype servers.

Dear customer,

I've forwarded this message to our RD team, and ask them to check urgently, will keep you posted if any update.
By the way, may I know what's the ticket number? I will keep following as well.

Regards,
Yealink_Travis
Thanks Travis.
Ticket ID 75353

I've been waiting for a resolution for some time now, and indeed it is getting very urgent. I have tried with another brand phones, and they do work on TLS1.2.

we have followed these steps to disable TLS 1.0 and 1.1 in S4B:
https://blogs.technet.microsoft.com/next...15-part-1/
and
https://blogs.technet.microsoft.com/next...15-part-2/
Reference URL's