About this Resource

Defines a TLS Profile Table to be used in a SIP Signaling Group.

REST API Methods for this Resource

Resource Schema

Configuration

Description
Required: No; Service Affecting: No; Data Type: string; Default Value: none
Possible values: 64 - Max Length
Description of the profile.

TLSVersion
Required: Yes; Service Affecting: Yes; Data Type: Enum; Default Value: 2
Possible values:
  • 0 - e_tls1_2
  • 1 - e_tls1_0
  • 2 - e_tlsany
Defines the TLS protocol version. By default, the system accepts all TLS protocol versions up to 1.2. When acting as a client, the SBC initiates the highest supported version, which is TLS 1.2.

AllowWeakCiphers
Required: Yes; Service Affecting: Yes; Data Type: Enum; Default Value: 0
Possible values:
  • 0 - btFalse
  • 1 - btTrue
When enabled, allows the TLS server to accept clients communicating with DES-CBC-SHA. The TLS server does not allow weak ciphers by default.
Warning
Enabling the AllowWeakCiphers option, and support for the DES-CBC-SHA cipher, is deprecated with Release 6.0. This option will be removed in a future release.

HandshakeTimeout
Required: Yes; Service Affecting: Yes; Data Type: int; Default Value: 10
Possible values:
  • 1 - Minimum
  • 30 - Maximum
Specifies the SIP TLS client and server handshake inactivity timeout interval. The timeout abnormally terminates (with an error) the TLS handshake session after a long period of inactivity between TLS handshake message exchanges. The recommended setting is the maximum of 30 seconds, due to network congestion.

MutualAuth
Required: Yes; Service Affecting: No; Data Type: int; Default Value: 1
Possible values:
  • 0 - Minimum
  • 1 - Maximum
Specifies whether Mutual TLS authentication is used in the SIP TLS server handshake exchange. This enables the mutual authentication request and verification of the SIP peer client certificate.

VerifyPeersCertificate
Required: Yes; Service Affecting: No; Data Type: int; Default Value: 1
Possible values:
  • 0 - Minimum
  • 1 - Maximum
Specifies whether the identity of the received SIP peer server certificate is verified during the SIP TLS client handshake exchange. This enables verification of the SIP peer server certificate.

ClientCipher
Required: Yes; Service Affecting: No; Data Type: Enum; Default Value: 3
Possible values:
  • 0 - e_tlsCiNone
  • 1 - e_tlsCiAES128_SHA
  • 2 - e_tlsCiDES_CBC3_SHA
  • 3 - e_tlsCiDES_CBC3_AES128_SHA
  • 4 - e_tlsCiDES_CBC_SHA
  • 5 - e_tlsCiAllFIPandNonFIPs
Specifies the cipher suite parameter exchanged and negotiated in the SIP TLS client handshake message. The cipher suites, given as a comma-separated list, are ordered by preference:
  • 1 AES128-SHA
    - Recommended for stronger security as per FIPS
  • 2 DES-CBC3-SHA
    - Required when the peer device does not support AES128-SHA
  • 3 AES128-SHA, DES-CBC3-SHA
    - Required for backward compatibility where the peer's cipher suite selection and support are unknown

ClientCipherSequence
Required: Yes; Service Affecting: No; Data Type: string; Default Value: 10,9,6,5,7,4,3,1,0,2
Possible values: 32 - Max Length
Set of cipher suite(s), as a comma-separated string in order of preference, used for security parameter negotiation with the remote system. Enumeration list:
  • 0 AES128-SHA
  • 1 AES256-SHA
  • 2 DES-CBC3-SHA
  • 3 AES128-SHA256
  • 4 AES256-SHA256
  • 5 ECDHE-RSA-AES128-SHA256
  • 6 ECDHE-RSA-AES256-SHA384
  • 7 ECDHE-RSA-DES-CBC3-SHA
  • 8 DES-CBC-SHA
  • 9 ECDHE-RSA-AES128-GCM-SHA256
  • 10 ECDHE-RSA-AES256-GCM-SHA384
Note
Selecting the DES-CBC-SHA cipher also requires enabling the "AllowWeakCiphers" option.
Warning
Enabling the AllowWeakCiphers option, and support for the DES-CBC-SHA cipher, is deprecated with Release 6.0. This option will be removed in a future release.

ValidateClientFQDN
Required: Yes; Service Affecting: No; Data Type: int; Default Value: 1
Possible values:
  • 0 - Minimum
  • 1 - Maximum
If enabled, runs a reverse DNS lookup to verify the peer's FQDN.

ValidateServerFQDN
Required: Yes; Service Affecting: No; Data Type: Enum; Default Value: 1
Possible values:
  • 0 - btFalse
  • 1 - btTrue
If enabled, validates the configured SIP Server host FQDN against the peer's FQDN.

ClientCertificate
Required: Yes; Service Affecting: No; Data Type: int; Default Value: 1
Possible values:
  • 1 - Minimum
  • 26 - Maximum
Identifies the client certificate to be used for the TLS connection.

ServerCertificate
Required: No; Service Affecting: No; Data Type: int; Default Value: 1
Possible values:
  • 1 - Minimum
  • 26 - Maximum
Identifies the server certificate to be used for the TLS connection. As of release 10.0, the same certificate is used for both client and server TLS connections. The value of the Client Certificate is always used as the Server Certificate value.

FallbackCompatibleMode
Required: Yes; Service Affecting: No; Data Type: Enum; Default Value: 0
Possible values:
  • 0 - btFalse
  • 1 - btTrue
If enabled, SSLv2 and SSLv3 variants to TLS 1.0 will be negotiated when compatibility with the peer is important.
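
An added example (not part of the vendor documentation): a Python check that audits one TLS profile against the parameter tables on this page, including the rule that DES-CBC-SHA in ClientCipherSequence only takes effect with AllowWeakCiphers enabled. It assumes the profile has already been fetched into a dict keyed by the page's parameter names; `parse_sequence`, `audit_profile`, `DEFAULTS` and the classification of the 3DES suites as legacy are this example's own.

```python
# Enumeration taken from the ClientCipherSequence table on this page.
CIPHERS = {
    0: "AES128-SHA", 1: "AES256-SHA", 2: "DES-CBC3-SHA", 3: "AES128-SHA256",
    4: "AES256-SHA256", 5: "ECDHE-RSA-AES128-SHA256",
    6: "ECDHE-RSA-AES256-SHA384", 7: "ECDHE-RSA-DES-CBC3-SHA",
    8: "DES-CBC-SHA", 9: "ECDHE-RSA-AES128-GCM-SHA256",
    10: "ECDHE-RSA-AES256-GCM-SHA384",
}
WEAK = {8}       # DES-CBC-SHA: the cipher the page marks as weak and deprecated
LEGACY = {2, 7}  # 3DES suites: this example's own classification (assumption)


def parse_sequence(seq):
    """Return cipher indexes in preference order; reject malformed input."""
    if len(seq) > 32:
        raise ValueError("ClientCipherSequence exceeds 32 characters")
    ids = [int(tok) for tok in seq.split(",")]  # ValueError on non-numeric
    unknown = [i for i in ids if i not in CIPHERS]
    if unknown:
        raise ValueError(f"unknown cipher index: {unknown}")
    return ids


def audit_profile(profile):
    """Return findings for one TLS profile (dict keyed by parameter name)."""
    findings = []
    ids = parse_sequence(profile["ClientCipherSequence"])
    weak_allowed = int(profile["AllowWeakCiphers"]) == 1
    if weak_allowed:
        findings.append("AllowWeakCiphers=1: server accepts DES-CBC-SHA clients")
    for pos, i in enumerate(ids, 1):
        if i in WEAK:
            state = "offered" if weak_allowed else "listed but AllowWeakCiphers=0"
            findings.append(f"{CIPHERS[i]} at preference {pos} ({state})")
        elif i in LEGACY:
            findings.append(f"{CIPHERS[i]} at preference {pos} (3DES)")
    if int(profile["TLSVersion"]) != 0:
        findings.append("TLSVersion is not e_tls1_2: versions below 1.2 accepted")
    if int(profile["FallbackCompatibleMode"]) == 1:
        findings.append("FallbackCompatibleMode=1: SSLv2/SSLv3 variants negotiated")
    if int(profile["VerifyPeersCertificate"]) == 0:
        findings.append("VerifyPeersCertificate=0: peer server cert not verified")
    return findings


# Constructed sample: the default values listed on this page.
DEFAULTS = {"ClientCipherSequence": "10,9,6,5,7,4,3,1,0,2", "AllowWeakCiphers": 0,
            "TLSVersion": 2, "FallbackCompatibleMode": 0, "VerifyPeersCertificate": 1}
```

Calling `audit_profile(DEFAULTS)` shows that the default profile still lists both 3DES suites and accepts TLS versions below 1.2.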