Overview
After the Ribbon SBC 1000/2000 obtains the required certificates, configuration of several options/attributes on both the server and client is necessary before TLS can employ the certificate(s) in establishing a secure connection. The attributes are configured in TLS profiles. Attributes include, but are not limited to, items such as Client Ciphers, and inactivity timeouts.
TLS Profiles are used by SIP Signaling Groups when the TLS transport type is selected for incoming and outgoing SIP trunks (Listen Ports), and in SIP Server Tables when TLS is selected as the Server Host protocol.
The SBC supports TLS 1.0 Only, TLS 1.2 Only, and TLS 1.0-1.2. SSL 3.0 and SSL 2.0 are not supported due to security risks and vulnerabilities.
TLS 1.2 Only Requirements
The table below lists requirements, such as client, cumulative updates, etc. that are required for using TLS 1.2.
TLS 1.2 Requirements
TLS 1.2 | Required |
---|---|
Skype for Business On Premises SBA | |
WS2012R2 ASM | |
Valid with Clients:
| |
Cumulative Updates - Skype for Business - March 2018 or Higher | |
ASM Roll-up - June 2018. Apply the Security Template after applying the ASM RollUp. | |
Before enabling TLS 1.2 Only on SBA, prepare the Skype for Business environment. |
Working with TLS Profiles
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Security > TLS Profiles.
To view a TLS Profile's properties:
- Click the pop-up icon () next to the entry you want to view.
- When you are finished, close the window.
To delete an entry, select the checkbox next to the entry and then click the Delete () icon.
Additional topic: