...
Info |
---|
|
TLS 1.0 and TLS 1.1 are scheduled for deprecation and are currently retained for backward compatibility. |
...
To create or modify a TLS Profile:
Modifying a TLS Profile
Creating a TLS Profile
...
Specifies the TLS Protocol. Valid entries: TLS 1.0-1.3, TLS 1.2-1.3, TLS 1.2 or TLS 1.3. Once the TLS option is selected, the Client Cipher List is automatically updated to display only the ciphers supported for the selected TLS version.
Note |
---|
The TLS version you choose for the SBC TLS Profile must match the TLS version configured in the SBA security for the associated SIP Server. |

| For TLS Profile in SBC... | Select the TLS below in SBA Security Template |
|---|---|
| TLS 1.0-1.3 | TLS 1.0, 1.1, 1.2 and 1.3 |
| TLS 1.2-1.3 | TLS 1.2-1.3 |
| TLS 1.2 | TLS 1.2 |
| TLS 1.3 | TLS 1.3 |
...
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES256_CBC_SHA
- TLS_RSA_WITH_AES128_CBC_SHA
- TLS_RSA_WITH_DES_CBC_SHA
Note |
---|
Lync Cipher Incompatibility: The TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher is incompatible with Lync servers. |
Info |
---|
The cipher list must be provided when configuring the SBC using REST. When the TLS Protocol is set, the SBC tries to use the existing configured cipher list; if that list matches the TLS Protocol being configured, the command succeeds. If it does not match, or the Client Cipher List is empty, the REST command is rejected. |
Verify Peer Server Certificate
...
The Validate Server FQDN is an enhanced security feature of the SBC, which is disabled if the common name in the certificate is an IP address (a practice observed by some ITSPs).
This field is only visible when Mutual Authentication is disabled and Validate Peer Server Certificate. When enabled, the Validate Server FQDN option allows the SBC to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternative Name (SAN) against the host that is configured in the SIP Server table of the SBC (the protocol must be TLS and the Host must be in the form of an FQDN).
Note |
---|
- The SBC does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN).
- Make sure this parameter is set to Disabled if the peer server is using an IP address.
|
Certificate (
...
Common Attributes)
Specifies the certificate (primary or supplementary) that is in use and that the SBC sends when it receives the certificate request from the destination endpoint during the Mutual TLS handshake process. The client attributes of the TLS profile are associated with the SIP Server Table entries configured for the TLS protocol. The default is the primary certificate.

Additionally, specifies the certificate (primary or supplementary) that is in use and that the SBC sends to the endpoint that initiates the TLS handshake process. The server attributes of the TLS profile are associated with the SIP SG Listener Port entries configured for the TLS protocol. The default is the primary certificate.
...
This action takes place when both Mutual Authentication and Validate Client FQDN are enabled. If Mutual Authentication is disabled, Validate Client FQDN is also disabled. Validate Client FQDN is an enhanced security feature of the SBC, which could be disabled if the common name in the certificate is an IP address (some ITSPs do that). When Validate Client FQDN is enabled, this option allows the SBC to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternative Name (SAN) against a reverse DNS lookup of the IP address to an FQDN.
Note |
---|
The SBC does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN). |
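
The Validate Server FQDN and Validate Client FQDN checks described above can be rehearsed offline before enabling them on a trunk. The following is an added example, not code from the product or its vendor. All function names and sample values are hypothetical. Wildcard handling follows RFC 6125 as an assumption, since the page does not say how wildcard names are treated, and the reverse DNS lookup is injected so the example runs without a network.

```python
import ipaddress

def is_ip(host):
    """True when host is an IPv4/IPv6 literal rather than an FQDN."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")

def name_matches(cert_name, host):
    """Match one certificate name (CN or SAN) against an FQDN."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h) or len(h) < 2:
        return False                      # single labels are not FQDNs
    if c[0] == "*":                       # assumption: RFC 6125 wildcard rule,
        return c[1:] == h[1:] and len(c) > 2  # leftmost label only, one label deep
    return c == h

def validate_server_fqdn(configured_host, cn, sans):
    """Compare the SIP Server table host with the peer certificate CN/SAN."""
    if is_ip(configured_host):
        # Per the note above: IP peers cannot be validated, set the option to Disabled.
        return "ip-not-supported"
    names = [n for n in [cn, *sans] if n and not is_ip(n)]
    return "match" if any(name_matches(n, configured_host) for n in names) else "mismatch"

def validate_client_fqdn(peer_ip, cn, sans, reverse_lookup):
    """Compare the reverse-DNS name of the client IP with its certificate CN/SAN."""
    fqdn = reverse_lookup(peer_ip)        # e.g. a wrapper around socket.gethostbyaddr
    if not fqdn:
        return "mismatch"                 # no PTR record, nothing to match against
    return validate_server_fqdn(fqdn, cn, sans)

if __name__ == "__main__":
    ptr = {"198.51.100.7": "trunk.itsp.example."}   # constructed PTR data
    print(validate_server_fqdn("sip.example.net", "edge01", ["sip.example.net"]))
    print(validate_server_fqdn("192.0.2.10", "192.0.2.10", []))
    print(validate_client_fqdn("198.51.100.7", "trunk.itsp.example", [], ptr.get))
```

A result of `ip-not-supported` or `mismatch` for a peer you trust indicates the certificate or the SIP Server table host needs correcting before the option is enabled.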
Certificate (Server Attributes)
...
...