...


Specifies the cipher suite parameter exchanged and negotiated in the SIP TLS client handshake message. The list is automatically populated with the ciphers supported for the selected TLS Protocol.

The SBC 1000/2000 supports the following TLS cipher suites:

  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES256_CBC_SHA
  • TLS_RSA_WITH_AES128_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA

Note: Lync Cipher Incompatibility

The TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is incompatible with Lync servers.

...


Validate Server FQDN is an enhanced security feature of the Sonus SBC 1000/2000, which is disabled if the common name in the certificate is an IP address (a practice observed by some ITSPs). This field is only visible when Validate Peer Server Certificate is enabled and Mutual Authentication is disabled.

When enabled, Validate Server FQDN allows the Sonus SBC 1000/2000 to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternative Name (SAN) against the host that is configured in the SIP Server table of the Sonus SBC 1000/2000 (the protocol must be TLS and the Host must be in the form of an FQDN).

Note

  • The Sonus SBC 1000/2000 does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN).
  • Make sure this parameter is set to Disabled if the peer server is using an IP address.

Mutual Authentication


Enables the mutual authentication request and verification of the SIP peer client certificate.

Note

This setting is part of the standard level of Mutual TLS security. Mutual Authentication includes a check on the certificate dates for certificate validity and whether the certificate is signed by a local trusted root CA.

...


Specifies the reverse DNS lookup of a peer's FQDN. Used to verify the identity of the SIP peer client certificate.

This action takes place when both MTLS and "Validate Client FQDN" are enabled. If MTLS is disabled, "Validate Client FQDN" is also disabled. "Validate Client FQDN" is an enhanced security feature of the Sonus SBC 1000/2000, which could be disabled if the common name in the certificate is an IP address (some ITSPs do that). When enabled, "Validate Client FQDN" allows the Sonus SBC 1000/2000 to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternative Name (SAN) against a reverse DNS lookup of the IP address to an FQDN.

Note

The Sonus SBC 1000/2000 does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN).
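
The two FQDN checks described above (Validate Server FQDN and Validate Client FQDN) can be modelled as follows. This is an added example, not Sonus code: the function names, return values, the exact case-insensitive comparison without wildcard handling, and the sample certificates and PTR records are all assumptions made for illustration.

```python
import ipaddress

def is_ip(value):
    """True when value parses as an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_fqdns(cn, sans):
    """Normalised FQDN identities from CN and SAN; IP-address entries are ignored."""
    return {n.rstrip(".").lower() for n in [cn, *sans] if n and not is_ip(n)}

def validate_server_fqdn(cn, sans, configured_host):
    """Compare certificate CN/SAN with the host from the SIP Server table."""
    if is_ip(configured_host):
        return "not-applicable"  # the page says to set the option to Disabled here
    host = configured_host.rstrip(".").lower()
    return "match" if host in cert_fqdns(cn, sans) else "mismatch"

def validate_client_fqdn(cn, sans, peer_ip, reverse_lookup):
    """Compare certificate CN/SAN with the reverse-DNS name of the peer's IP."""
    ptr_name = reverse_lookup(peer_ip)  # assumed to return an FQDN or None
    if not ptr_name or is_ip(ptr_name):
        return "mismatch"  # no FQDN to compare against
    name = ptr_name.rstrip(".").lower()
    return "match" if name in cert_fqdns(cn, sans) else "mismatch"

# Constructed sample data (documentation-reserved names and addresses).
PTR_RECORDS = {"192.0.2.10": "sip1.itsp.example.net.",
               "192.0.2.20": "other.example.org."}
CERT = {"cn": "SIP1.itsp.example.net",
        "sans": ["sip1.itsp.example.net", "sip2.itsp.example.net"]}
IP_CERT = {"cn": "192.0.2.10", "sans": []}  # certificate whose CN is an IP address

if __name__ == "__main__":
    print(validate_server_fqdn(**CERT, configured_host="sip2.itsp.example.net"))
    print(validate_server_fqdn(**IP_CERT, configured_host="sip1.itsp.example.net"))
    print(validate_client_fqdn(**CERT, peer_ip="192.0.2.10",
                               reverse_lookup=PTR_RECORDS.get))
    print(validate_client_fqdn(**CERT, peer_ip="192.0.2.20",
                               reverse_lookup=PTR_RECORDS.get))
```

A certificate whose CN is an IP address never produces a match in either check, which is why the notes above say to disable the option for such peers.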