Overview

After the Ribbon SBC 1000/2000 obtains the required certificates, several options/attributes must be configured on both the server and the client before TLS can use the certificate(s) to establish a secure connection. These attributes are configured in TLS Profiles and include, but are not limited to, Client Ciphers and inactivity timeouts.

TLS Profiles are used by SIP Signaling Groups when the TLS transport type is selected for incoming and outgoing SIP trunks (Listen Ports), and in SIP Server Tables when TLS is selected as the Server Host protocol.

The SBC supports TLS 1.0 Only, TLS 1.2 Only, and TLS 1.0-1.2. SSL 3.0 and SSL 2.0 are not supported due to security risks and vulnerabilities.
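One way to confirm from the network side that a listener behaves as its TLS Profile's protocol setting says (added example, not Ribbon code): it attempts one handshake per protocol version and compares the outcome with the three settings named above. The host name, the port 5061 and all function names are assumptions for illustration, and the probe assumes the listener does not demand a client certificate.

```python
import socket
import ssl

# Protocol versions a TLS Profile can allow, per the page, as Python constants.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.2": ssl.TLSVersion.TLSv1_2}
# What each profile setting should accept.
EXPECTED = {
    "TLS 1.0 Only": {"TLS 1.0": True, "TLS 1.2": False},
    "TLS 1.2 Only": {"TLS 1.0": False, "TLS 1.2": True},
    "TLS 1.0-1.2": {"TLS 1.0": True, "TLS 1.2": True},
}

def probe(host, port, version, timeout=5.0):
    """Try one handshake pinned to `version`: 'accepted', 'rejected' or 'unreachable'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only protocol negotiation is under test,
    ctx.verify_mode = ssl.CERT_NONE  # not the listener's certificate
    ctx.minimum_version = version
    ctx.maximum_version = version
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # lets the local OpenSSL offer TLS 1.0
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock):
            return "accepted"
    except (ssl.SSLError, OSError):
        # Assumption: no client certificate is demanded; a mutual-TLS listener
        # would also end up here even when the version itself is allowed.
        return "rejected"
    finally:
        sock.close()

def mismatches(observed, profile_mode):
    """List versions whose observed result contradicts the configured profile mode."""
    return [f"{name}: {result}" for name, result in observed.items()
            if (result == "accepted") != EXPECTED[profile_mode][name]]

def audit(host, port, profile_mode):
    """Probe every version and return the mismatches (empty list means consistent)."""
    observed = {name: probe(host, port, v) for name, v in VERSIONS.items()}
    return mismatches(observed, profile_mode)

if __name__ == "__main__":
    # Placeholder host; 5061 is the conventional SIP-over-TLS port (assumption).
    print(audit("sbc.example.test", 5061, "TLS 1.2 Only") or "consistent")
```

An empty result means the listener accepted and refused exactly the versions the selected setting implies; an entry such as `TLS 1.0: accepted` under "TLS 1.2 Only" means the profile is not in effect on that port.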

TLS 1.2 Only Requirements

The table below lists what is required to use TLS 1.2, such as client versions and cumulative updates.

TLS 1.2 Requirements

| TLS 1.2 | Required |
|---|---|
| Skype for Business On Premises SBA | Yes |
| WS2012R2 ASM | Yes |
| Valid with Clients: Lync 2013 (Skype for Business) Desktop Client, MSI and C2R, including Basic 15.0.5023.1000 and higher; Skype for Business 2016 Desktop Client, MSI 16.0.4678.1000 and higher, including Basic; Skype for Business 2016 Click to Run Require the April 2018 Updates: Monthly and Semi-Annual Targeted – 16.0.9126.2152 and higher, Semi-Annual and Deferred Channel – 16.0.8431.2242 and higher | Yes |
| Cumulative Updates - Skype for Business - March 2018 or Higher | Yes |
| ASM Roll-up - June 2018. Apply the Security Template after applying the ASM RollUp. | Yes |
| Before enabling TLS 1.2 Only on SBA, prepare the Skype for Business environment. Refer to: https://blogs.technet.microsoft.com/nexthop/2018/04/18/disabling-tls-1-01-1-in-skype-for-business-server-2015-part-1 | Yes |

 

Working with TLS Profiles

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Security > TLS Profiles.

    TLS Profile

     

To view a TLS Profile's properties:

  1. Click the pop-up icon next to the entry you want to view.
  2. When you are finished, close the window.

To delete an entry, select the checkbox next to the entry and then click the Delete icon.

Creating and Modifying TLS Profiles