Yealink Forums
Disable TLS 1.0 and less secure Cipher Suites - Printable Version

Disable TLS 1.0 and less secure Cipher Suites - esachs4 - 10-06-2019 01:26 PM

A client of ours recently had a penetration test done and they found multiple vulnerabilities on the phone system.

I was wondering if there was a way to force TLS 1.1 and 1.2 and disable less secure cipher suites.

Please see attached.


RE: Disable TLS 1.0 and less secure Cipher Suites - complex1 - 10-07-2019 10:38 AM

(10-06-2019 01:26 PM)esachs4 Wrote:  A client of ours recently had a penetration test done and they found multiple vulnerabilities on the phone system.

I was wondering if there was a way to force TLS 1.1 and 1.2 and disable less secure cipher suites.

Please see attached

Hi,

It depends on which firmware version the devices are running...
Firmware update x.81.0.70 added two new supported TLS versions: TLS 1.1 and TLS 1.2.
You can configure the TLS version the IP phone uses to negotiate with the provisioning server when using the TLS transport method to download the boot file and configuration files from the provisioning server.

The parameter in the auto provision template is as follows: security.default_ssl_method =

It configures the TLS version the IP phone uses to negotiate with the provisioning server when using the TLS transport method to download the boot file and configuration files from the provisioning server.
0-use TLS 1.0 to negotiate with the provisioning server.
3-use TLS 1.2 to negotiate with the provisioning server, and it is backward compatible. (Default)
4-use TLS 1.1 to negotiate with the provisioning server.
5-use TLS 1.2 to negotiate with the provisioning server.

Hope this will help.
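
Added example, not part of the thread and not Yealink code: a small audit that reads auto-provision templates and reports whether security.default_ssl_method rules out TLS 1.0, using the values listed in the reply above. The sample templates are constructed; treating value 3 as permitting TLS 1.0 (because the reply calls it backward compatible), treating an empty value as the default, and taking the last assignment as effective are assumptions. The parameter covers provisioning-server negotiation only, so cipher suites are outside what this checks.

```python
import re

# Meanings of security.default_ssl_method as listed in the reply above.
METHODS = {
    "0": "TLS 1.0",
    "3": "TLS 1.2, backward compatible (default)",
    "4": "TLS 1.1",
    "5": "TLS 1.2",
}
# Assumption: "backward compatible" means value 3 can still fall back to TLS 1.0.
ALLOWS_TLS10 = {"0", "3"}
DEFAULT = "3"  # the reply marks 3 as the default

PARAM = re.compile(r"^\s*security\.default_ssl_method\s*=\s*(\S*)\s*$")


def audit(cfg_text):
    """Return (value, description, ok) for one auto-provision template.

    ok is True only when the effective value rules out TLS 1.0.
    Assumption: the last assignment in the file is the effective one.
    """
    value = None
    for line in cfg_text.splitlines():
        if line.lstrip().startswith("#"):  # comment or #!version header
            continue
        m = PARAM.match(line)
        if m:
            value = m.group(1)
    if not value:
        value = DEFAULT  # unset or empty: assumed to fall back to the default
    if value not in METHODS:
        return value, "unknown value", False
    return value, METHODS[value], value not in ALLOWS_TLS10


# Constructed sample templates (not taken from a real deployment).
SAMPLES = {
    "legacy.cfg": "#!version:1.0.0.1\nsecurity.default_ssl_method = 0\n",
    "unset.cfg": "#!version:1.0.0.1\n# no TLS setting in this file\n",
    "hardened.cfg": "#!version:1.0.0.1\nsecurity.default_ssl_method = 5\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        value, desc, ok = audit(text)
        print(f"{name}: {value} ({desc}) -> {'OK' if ok else 'review'}")
```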