T4x: Possible to deactivate TLS 1.2 / disable HTTP redirection?

[Fritz-EDV]

Greetings community!

We are using the PhoneSuite CTI Software with Yealink phones - the TAPI Driver of this Software is connecting to the phone using IExplore core component. This was working fine some Firmware versions ago. After recently updating to 66.85.0.5 the TAPI Driver throws "HTTPS/SSL error" - This is caused due to a bug / incompatibility in IE with SSL2 in conjunction with TLS1.2 preventing successful connection to the phone. Workaround would be, to deactivate HTTPS function in Yealink phone completely. We would prefer, to not do this "workaround". We would rather like to just deactivate TLS 1.2 in phone config and fall back to TLS1.1. Is there a way to do this? Other solution would be, to disable HTTP redirection in phones webserver. TAPI Driver is only functioning properly with HTTP - but phone is forcing HTTP requests to be redirected to HTTPS in recent FW causing the mentioned bug above.

Are there any other solutions than "disable HTTPS" right now?

Thanks in advance!

For reference:
https://support.microsoft.com/en-us/help...-and-tls-1

https://translate.google.com/translate?s...Findex.htm - only in german, translated via google.

[complex1]

(06-12-2020 02:06 PM)Fritz-EDV Wrote:  Greetings community!

We are using the PhoneSuite CTI Software with Yealink phones - the TAPI Driver of this Software is connecting to the phone using IExplore core component. This was working fine some Firmware versions ago. After recently updating to 66.85.0.5 the TAPI Driver throws "HTTPS/SSL error" - This is caused due to a bug / incompatibility in IE with SSL2 in conjunction with TLS1.2 preventing successful connection to the phone. Workaround would be, to deactivate HTTPS function in Yealink phone completely. We would prefer, to not do this "workaround". We would rather like to just deactivate TLS 1.2 in phone config and fall back to TLS1.1. Is there a way to do this? Other solution would be, to disable HTTP redirection in phones webserver. TAPI Driver is only functioning properly with HTTP - but phone is forcing HTTP requests to be redirected to HTTPS in recent FW causing the mentioned bug above.

Are there any other solutions than "disable HTTPS" right now?

Thanks in advance!

For reference:
https://support.microsoft.com/en-us/help...-and-tls-1

https://translate.google.com/translate?s...Findex.htm - only in german, translated via google.

Hi,

What you can do to deactivate TLS1.2 and activate TLS1.1 is auto provisioning:
static.security.default_ssl_method = 4
This configures the TLS version to use for handshake negotiation between the phone and server (for example, SIP registration server, provisioning server)

Hope this will help.

[Fritz-EDV]

(06-12-2020 03:31 PM)complex1 Wrote:  Hi,

What you can do to deactivate TLS1.2 and activate TLS1.1 is auto provisioning:
static.security.default_ssl_method = 4
This configures the TLS version to use for handshake negotiation between the phone and server (for example, SIP registration server, provisioning server)

Hope this will help.

Thanks for your reply! In the meantime i stumbled across another thread mentioning this option. I had already tried - but without success. Seems like the TAPI driver is not compatible with HTTPS at all and not "only faulty" due to the mentioned TLS bug.

So only chance seems to be to disable HTTP -> HTTPS redirection in phone webserver. But I think such feature has to be added from Yealink development team. Maybe they can add a checkbox in EWS to enable / disable this

[complex1]

(06-12-2020 03:42 PM)Fritz-EDV Wrote:  

(06-12-2020 03:31 PM)complex1 Wrote:  Hi,

What you can do to deactivate TLS1.2 and activate TLS1.1 is auto provisioning:
static.security.default_ssl_method = 4
This configures the TLS version to use for handshake negotiation between the phone and server (for example, SIP registration server, provisioning server)

Hope this will help.

Thanks for your reply! In the meantime i stumbled across another thread mentioning this option. I had already tried - but without success. Seems like the TAPI driver is not compatible with HTTPS at all and not "only faulty" due to the mentioned TLS bug.

So only chance seems to be to disable HTTP -> HTTPS redirection in phone webserver. But I think such feature has to be added from Yealink development team. Maybe they can add a checkbox in EWS to enable / disable this

Then try:
static.wui.https_enable = 0
(Network > Advanced > Web Server > HTTPS)
This disables to access the web user interface of the phone over a secure tunnel (HTTPS)

[Fritz-EDV]

(06-12-2020 03:55 PM)complex1 Wrote:  Then try:
static.wui.https_enable = 0
(Network > Advanced > Web Server > HTTPS)
This disables to access the web user interface of the phone over a secure tunnel (HTTPS)

Won't this option shut down HTTPS function entirely for this device?

[complex1]

(06-12-2020 04:05 PM)Fritz-EDV Wrote:  

(06-12-2020 03:55 PM)complex1 Wrote:  Then try:
static.wui.https_enable = 0
(Network > Advanced > Web Server > HTTPS)
This disables to access the web user interface of the phone over a secure tunnel (HTTPS)

Won't this option shut down HTTPS function entirely for this device?

No. Only the web user interface.