10-21-2018, 01:51 PM
Skype for Business On-Prem 2015 Enterprise, with latest CU updates to support TLS 1.2
Phones: CP960, T46S
CP960:
Firmware Version 73.8.0.27
Hardware Version 73.0.0.9.0.0.0
On Skype servers disable all encryption Protocols except TLS1.2 .
Phone does not register!
On Skype servers enable TLS1.0, TLS 1.1, and TLS1.2. use the same Cipher-suites as before.
Phone does register! and works fine.
I have done the same test with an AudioCodes 440HD, and S4B soft client, and it works fine with only TLS1.2 enabled on the server.
In packet capture I observe that for http over TLS traffic the phone uses TLS1.2, but when it uses TLS.sip traffic it falls back to TLS1.0
Below Screencaps were made when TLS1.0, 1.1, and 1.2 are enabled on S4B.
With only TLS1.2 enabled, the phone won't register.
Phones: CP960, T46S
CP960:
Firmware Version 73.8.0.27
Hardware Version 73.0.0.9.0.0.0
On Skype servers disable all encryption Protocols except TLS1.2 .
Phone does not register!
On Skype servers enable TLS1.0, TLS 1.1, and TLS1.2. use the same Cipher-suites as before.
Phone does register! and works fine.
I have done the same test with an AudioCodes 440HD, and S4B soft client, and it works fine with only TLS1.2 enabled on the server.
In packet capture I observe that for http over TLS traffic the phone uses TLS1.2, but when it uses TLS.sip traffic it falls back to TLS1.0
Below Screencaps were made when TLS1.0, 1.1, and 1.2 are enabled on S4B.
With only TLS1.2 enabled, the phone won't register.