[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
TLS errors
Author Message
jverbarg Offline
Junior Member
**

Posts: 2
Joined: Nov 2020
Reputation: 0
Post: #1
TLS errors
Hey, I just got a new batch of T46S phones, a couple will not register over TLS.

Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate

When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.

How do I stop this? Thanks
11-05-2020 09:07 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
complex1 Offline
3CX Adv. Cert. Engineer
*****

Posts: 1,541
Joined: Jan 2014
Reputation: 48
Post: #2
RE: TLS errors
(11-05-2020 09:07 PM)jverbarg Wrote:  Hey, I just got a new batch of T46S phones, a couple will not register over TLS.

Each phone is configured the same, is on the same firmware version: 66.85.0.5
Has the same hardware version: 66.0.0.128.0.0.0
Has a factory installed device certificate

When I do a capture, they all start negotiating over TLS 1.2, same cipher suite selected (0xc014), but on a couple of the devices, after that initial negotiation, the phone initiates a downgrade to TLS 1.0, which my server then rejects.

How do I stop this? Thanks

Hi,

Please add next to your provisioning file.

Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5

Hope this will help.

Kind regards,
Frank.

I am not an employee of Yealink.
Dutch is my native language, not English. Apologies for my imperfect grammar.
Please do not send unsolicited PM messages. I will not answer them.
11-05-2020 09:26 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jverbarg Offline
Junior Member
**

Posts: 2
Joined: Nov 2020
Reputation: 0
Post: #3
RE: TLS errors
(11-05-2020 09:26 PM)complex1 Wrote:  Please add next to your provisioning file.

Code:
##It configures the TLS version the IP phone uses to authenticate with the server.
static.security.default_ssl_method = 5

Tried that, and I know the setting is applying because when I export the config from the phone, it's in there:

Code:
#!version:1.0.0.1

### This file is the exported MAC-static.cfg.

static.network.wifi.internet_port.type = 0
static.network.wifi.ip_address_mode = 0
static.network.wifi.ipv6_icmp_v6.enable = 1
static.network.wifi.ipv6_internet_port.type = 0
static.network.wifi.ipv6_prefix = 64
static.network.wifi.ipv6_static_dns_enable = 0
static.network.wifi.preference = 0
static.network.wifi.static_dns_enable = 0
static.security.default_ssl_method = 5
static.watch_dog.enable = 0

Still doesn't work. Sad
11-10-2020 08:36 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
complex1 Offline
3CX Adv. Cert. Engineer
*****

Posts: 1,541
Joined: Jan 2014
Reputation: 48
Post: #4
RE: TLS errors
Best to do for now is to submit a support ticket at Yealink.
https://ticket.yealink.com/

Kind regards,
Frank.

I am not an employee of Yealink.
Dutch is my native language, not English. Apologies for my imperfect grammar.
Please do not send unsolicited PM messages. I will not answer them.
11-10-2020 09:18 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication