Yealink Forums

Full Version: TLS errors
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hey, I just got a new batch of T46S phones, a couple will not register over TLS.

Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate

When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.

How do I stop this? Thanks
(11-05-2020 09:07 PM)jverbarg Wrote: [ -> ]Hey, I just got a new batch of T46S phones, a couple will not register over TLS.

Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate

When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.

How do I stop this? Thanks

Hi,

Please add next to your provisioning file.

Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5

Hope this will help.
(11-05-2020 09:26 PM)complex1 Wrote: [ -> ]Please add next to your provisioning file.

Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5

Tried that, and I know the setting is applying because when I export the config from the phone, it's in there:

Code:
#!version:1.0.0.1

### This file is the exported MAC-static.cfg.

static.network.wifi.internet_port.type = 0
static.network.wifi.ip_address_mode = 0
static.network.wifi.ipv6_icmp_v6.enable = 1
static.network.wifi.ipv6_internet_port.type = 0
static.network.wifi.ipv6_prefix = 64
static.network.wifi.ipv6_static_dns_enable = 0
static.network.wifi.preference = 0
static.network.wifi.static_dns_enable = 0
static.security.default_ssl_method = 5
static.watch_dog.enable = 0

Still doesn't work. Sad
Best to do for now is to submit a support ticket at Yealink.
https://ticket.yealink.com/
Reference URL's