Yealink Forums

Full Version: Yealink T53-w and OpenVPN
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello, we currently are using Yealink SIP-T53w phones. These phones report to our on-prem FreePBX phone system. A few of the phones are remote phones that we have an OpenVPN certificate applied to. The VPN certificates we're using are RSA-SHA1 which is a weak digest/algorithm and no longer supported on our firewalls. Since upgrading the firewalls and creating new certificates for SHA-256, the phones no longer work. Are these phones only compatible with RSA-SHA1?
(01-11-2024 12:34 AM)jkalber Wrote: [ -> ]Hello, we currently are using Yealink SIP-T53w phones. These phones report to our on-prem FreePBX phone system. A few of the phones are remote phones that we have an OpenVPN certificate applied to. The VPN certificates we're using are RSA-SHA1 which is a weak digest/algorithm and no longer supported on our firewalls. Since upgrading the firewalls and creating new certificates for SHA-256, the phones no longer work. Are these phones only compatible with RSA-SHA1?

Hi,

Please correct me if I'm wrong, but as far as I know, the phone supports AES 256 and not SHA 256.
(01-11-2024 04:39 AM)complex1 Wrote: [ -> ]
(01-11-2024 12:34 AM)jkalber Wrote: [ -> ]Hello, we currently are using Yealink SIP-T53w phones. These phones report to our on-prem FreePBX phone system. A few of the phones are remote phones that we have an OpenVPN certificate applied to. The VPN certificates we're using are RSA-SHA1 which is a weak digest/algorithm and no longer supported on our firewalls. Since upgrading the firewalls and creating new certificates for SHA-256, the phones no longer work. Are these phones only compatible with RSA-SHA1?

Hi,

Please correct me if I'm wrong, but as far as I know, the phone supports AES 256 and not SHA 256.

I'm referring Auth digest algorithm. I found some documentation on Yealink's site and noticed it says IP Phones support MD5 and SHA1 signature algorithms.

https://support.yealink.com/en/portal/kn...76bd07181e
(01-11-2024 09:17 PM)jkalber Wrote: [ -> ]
(01-11-2024 04:39 AM)complex1 Wrote: [ -> ]
(01-11-2024 12:34 AM)jkalber Wrote: [ -> ]Hello, we currently are using Yealink SIP-T53w phones. These phones report to our on-prem FreePBX phone system. A few of the phones are remote phones that we have an OpenVPN certificate applied to. The VPN certificates we're using are RSA-SHA1 which is a weak digest/algorithm and no longer supported on our firewalls. Since upgrading the firewalls and creating new certificates for SHA-256, the phones no longer work. Are these phones only compatible with RSA-SHA1?

Hi,

Please correct me if I'm wrong, but as far as I know, the phone supports AES 256 and not SHA 256.

I'm referring Auth digest algorithm. I found some documentation on Yealink's site and noticed it says IP Phones support MD5 and SHA1 signature algorithms.

https://support.yealink.com/en/portal/kn...76bd07181e

Submit a ticket to the Yealink support team?
https://ticket.yealink.com/
Reference URL's