Yealink Forums

Full Version: Disable TLS 1.0 and less secure Cipher Suites
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
A client of ours recently had a penetration test done and they found multiple vulnerabilities on the phone system.

I was wondering if there was a way to force TLS 1.1 and 1.2 and disable less secure cipher suites.

Please see attached[attachment=5437][attachment=5438][attachment=5439][attachment=5440]
(10-06-2019 01:26 PM)esachs4 Wrote: [ -> ]A client of ours recently had a penetration test done and they found multiple vulnerabilities on the phone system.

I was wondering if there was a way to force TLS 1.1 and 1.2 and disable less secure cipher suites.

Please see attached

Hi,

It depend which firmware version the devices are running...
In firmware update x.81.0.70 is added two new supported TLS versions: TLS 1.1 and TLS 1.2
You can configure the TLS version the IP phone uses to negotiate with the provisioning server when using TLS transport method to download the boot file and configuration files from the provisioning server.

The parameter in the auto provision template is as follows: security.default_ssl_method =

It configure the TLS version the IP phone uses to negotiate with the provisioning server when using TLS transport method to download the boot file and configuration files from the provisioning server.
0-use TLS 1.0 to negotiate with the provisioning server.
3-use TLS 1.2 to negotiate with the provisioning server, and it is backward compatible. (Default)
4-use TLS 1.1 to negotiate with the provisioning server.
5-use TLS 1.2 to negotiate with the provisioning server.

Hope this will help.
Reference URL's