[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Vulnerability (Sweet32)
Author Message
Lilpombo Offline
Junior Member
**

Posts: 8
Joined: Apr 2022
Reputation: 0
Post: #7
RE: Vulnerability (Sweet32)
(04-20-2022 02:30 AM)complex1 Wrote:  
(04-20-2022 12:31 AM)Lilpombo Wrote:  
(04-19-2022 11:28 PM)complex1 Wrote:  
(04-19-2022 10:35 PM)Lilpombo Wrote:  
(04-13-2022 04:08 PM)complex1 Wrote:  Hi,

Do not use DES, 3DES, IDEA or RC2 as the symmetric encryption cipher, upgrade the firmware or replace the phones for newer ones.

Hi, very thanks for the reply.

The firmware is already updated. I'm trying to adding a line on the cfg file of the phone. see:

sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
static.security.default_ssl_method = 5


I found in this forum someone with similar problem... He made this alteration and solve the problem. But my new problem is: Import of local config files has no effect

I export a local config file (CFG File, I chose Local in the dropdown) via the phones web interfacce
I edit the file
I import the file (same filename as before)
I ok the prompt that the phone should import the new file
the phone is busy and rebooting
none of the changes I made take effect (I reexport the local config file and it hasn't changed


To me it looks like the import feature is not working for CFG files

Any ideas? Anybody successfully used this feature?

Hi,

Are you referring to the question regarding the W52P/W56P models in this post?
http://forum.yealink.com/forum/showthread.php?tid=45753

Yes Smile

Hi,

I'm afraid it's not possible that what you want to do with this model. This model is simply too old for this.

The below is not supported
sip.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
security.tls_cipher_list = AES:!ADH:!LOW:!EXPORT:!NULL
static.security.default_ssl_method = 5

Hello, good morning!


Well, i'm replying this question again because I need to buy some new phones... can you send me Yealink Telephone models that doesn't have weak cipher or sweet32 vulnerabilities?

Some that I can disable ssl cipher and enable tls... Huh
07-18-2022 08:58 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Vulnerability (Sweet32) - Lilpombo - 04-13-2022, 02:39 AM
RE: Vulnerability (Sweet32) - complex1 - 04-13-2022, 04:08 PM
RE: Vulnerability (Sweet32) - Lilpombo - 04-19-2022, 10:35 PM
RE: Vulnerability (Sweet32) - complex1 - 04-19-2022, 11:28 PM
RE: Vulnerability (Sweet32) - Lilpombo - 04-20-2022, 12:31 AM
RE: Vulnerability (Sweet32) - complex1 - 04-20-2022, 02:30 AM
RE: Vulnerability (Sweet32) - Lilpombo - 07-18-2022 08:58 PM
RE: Vulnerability (Sweet32) - Lilpombo - 08-10-2022, 10:10 PM
RE: Vulnerability (Sweet32) - complex1 - 08-11-2022, 03:08 AM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication