Hey, I just got a new batch of T46S phones, a couple will not register over TLS.
Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate
When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.
How do I stop this? Thanks
(11-05-2020 09:07 PM)jverbarg Wrote: [ -> ]Hey, I just got a new batch of T46S phones, a couple will not register over TLS.
Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate
When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.
How do I stop this? Thanks
Hi,
Please add next to your provisioning file.
Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5
Hope this will help.
(11-05-2020 09:26 PM)complex1 Wrote: [ -> ]Please add next to your provisioning file.
Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5
Tried that, and I know the setting is applying because when I export the config from the phone, it's in there:
Code:
#!version:1.0.0.1
### This file is the exported MAC-static.cfg.
static.network.wifi.internet_port.type = 0
static.network.wifi.ip_address_mode = 0
static.network.wifi.ipv6_icmp_v6.enable = 1
static.network.wifi.ipv6_internet_port.type = 0
static.network.wifi.ipv6_prefix = 64
static.network.wifi.ipv6_static_dns_enable = 0
static.network.wifi.preference = 0
static.network.wifi.static_dns_enable = 0
static.security.default_ssl_method = 5
static.watch_dog.enable = 0
Still doesn't work.