Yealink Forums
T46S SSL - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: T4x Series (/forumdisplay.php?fid=31)
+--- Thread: T46S SSL (/showthread.php?tid=41305)

Pages: 1 2


T46S SSL - Mycal - 11-15-2017 06:16 PM

Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,


RE: T46S SSL - Kevin_Yealink - 11-16-2017 06:56 AM

(11-15-2017 06:16 PM)Mycal Wrote:  Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,

Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin


RE: T46S SSL - Mycal - 11-28-2017 06:58 PM

We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?



(11-16-2017 06:56 AM)Kevin_Yealink Wrote:  
(11-15-2017 06:16 PM)Mycal Wrote:  Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,

Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin



RE: T46S SSL - Kevin_Yealink - 11-29-2017 07:10 AM

(11-28-2017 06:58 PM)Mycal Wrote:  We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?



(11-16-2017 06:56 AM)Kevin_Yealink Wrote:  
(11-15-2017 06:16 PM)Mycal Wrote:  Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,

Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin

Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


RE: T46S SSL - Mycal - 11-29-2017 05:28 PM

(11-29-2017 07:10 AM)Kevin_Yealink Wrote:  
(11-28-2017 06:58 PM)Mycal Wrote:  We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?



(11-16-2017 06:56 AM)Kevin_Yealink Wrote:  
(11-15-2017 06:16 PM)Mycal Wrote:  Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,

Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin

Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,


RE: T46S SSL - Kevin_Yealink - 11-29-2017 05:35 PM

(11-29-2017 05:28 PM)Mycal Wrote:  
(11-29-2017 07:10 AM)Kevin_Yealink Wrote:  
(11-28-2017 06:58 PM)Mycal Wrote:  We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?



(11-16-2017 06:56 AM)Kevin_Yealink Wrote:  
(11-15-2017 06:16 PM)Mycal Wrote:  Hey all,

Does anyone happen to know if there is a setting or firmware update that disables SSL v2 v3 and DES and IDEA ciphers for this model phone? They are showing up on vulnerability scans.

Thank you,

Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin

Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,



RE: T46S SSL - Kevin_Yealink - 11-29-2017 05:36 PM

(11-29-2017 05:35 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:28 PM)Mycal Wrote:  
(11-29-2017 07:10 AM)Kevin_Yealink Wrote:  
(11-28-2017 06:58 PM)Mycal Wrote:  We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?



(11-16-2017 06:56 AM)Kevin_Yealink Wrote:  Hi

We support to disable it. Please kindly Auto provision the phone with below parameter:
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL

Let me know if any update.

BR
Kevin

Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,

Hi

Not, it will only configure this parameter, it will not clear other configuration.

Best Regards,
Kevin


RE: T46S SSL - Mycal - 11-29-2017 05:43 PM

(11-29-2017 05:36 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:35 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:28 PM)Mycal Wrote:  
(11-29-2017 07:10 AM)Kevin_Yealink Wrote:  
(11-28-2017 06:58 PM)Mycal Wrote:  We cannot due to the structure and architecture of our network auto provision the phones. Is there any way to make this change other than auto provisioning?

Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,

Hi

Not, it will only configure this parameter, it will not clear other configuration.

Best Regards,
Kevin


Hey Kevin,

Could you send me some documentation on how to generate the config file and what I would need to do to set up the auto provision server and how to point the phones at it?

Thank you,


RE: T46S SSL - Kevin_Yealink - 11-29-2017 05:58 PM

(11-29-2017 05:43 PM)Mycal Wrote:  
(11-29-2017 05:36 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:35 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:28 PM)Mycal Wrote:  
(11-29-2017 07:10 AM)Kevin_Yealink Wrote:  Hi

This method only can configure via AutoP. AutoP is easy for you and you just need to set up a small HTTP server in your personal computer.
I attached provision cfg file and guide for how to provision with HFS tool.
Please kindly test in your side.


Best Regards
Kevin


Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,

Hi

Not, it will only configure this parameter, it will not clear other configuration.

Best Regards,
Kevin


Hey Kevin,

Could you send me some documentation on how to generate the config file and what I would need to do to set up the auto provision server and how to point the phones at it?

Thank you,

Hi

You can get all file from this link:
https://ftp.yealink.com/?ShareToken=24C21580AFF5FABB1CA258B39E8FD68E66E5918E

Best Regards,
Kevin


RE: T46S SSL - Mycal - 11-30-2017 02:15 PM

(11-29-2017 05:58 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:43 PM)Mycal Wrote:  
(11-29-2017 05:36 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:35 PM)Kevin_Yealink Wrote:  
(11-29-2017 05:28 PM)Mycal Wrote:  Hey Kevin,

As I previously stated auto provisioning will not work given our architecture we do not have these phones on a local subnet and in certain cases we do not have access to the phones at all. Is there a way to manually import said config file? Will this config file remove the manually configured settings on the phones? If so will we need to generate a config file for each phone specifically?

Thank you,

Hi

Not, it will only configure this parameter, it will not clear other configuration.

Best Regards,
Kevin


Hey Kevin,

Could you send me some documentation on how to generate the config file and what I would need to do to set up the auto provision server and how to point the phones at it?

Thank you,

Hi

You can get all file from this link:
https://ftp.yealink.com/?ShareToken=24C21580AFF5FABB1CA258B39E8FD68E66E5918E

Best Regards,
Kevin


Thank you very much Kevin! One last thing they came up showing support for the DES and IDEA ciphers could you give me the lines I would need to add to disable that was well?

Thank you,