
To create or modify a TLS Profile:

...

  1. Click the Create TLS Profile icon at the top of the TLS Profile page.

    Figure: Create TLS Profile

...


Specifies the TLS Protocol. Valid entries: TLS 1.0 Only, TLS 1.2 Only, or TLS 1.0 - 1.2. Once the TLS option is selected, the Client Cipher List is automatically updated to display only the ciphers supported for the selected TLS version.

Note

The TLS version you choose for the SBC TLS Profile must match the TLS version configured in the SBA security for the associated SIP Server.

For TLS Profile in SBC... | Select the TLS below in SBA Security Template
TLS 1.0 Only              | TLS 1.0-1.2
TLS 1.2 Only              | TLS 1.2 only or TLS 1.0-1.2
TLS 1.0 - 1.2             | TLS 1.0-1.2




Mutual Authentication

...


Specifies the cipher suite parameter exchanged and negotiated in the SIP TLS client handshake message. The list is automatically populated with the ciphers supported for the selected TLS Protocol.

The SBC supports the following TLS cipher suites:

Available since: Release 9.0.7

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES256_CBC_SHA
  • TLS_RSA_WITH_AES128_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA

Note: Lync Cipher Incompatibility

The TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is incompatible with Lync servers.


...


Specifies whether or not to verify the identity of a peer server. Available when Mutual Authentication is disabled.

Note

This setting is part of the standard level of Mutual TLS security. Verify Peer Server Certificate implies that Mutual Authentication is enabled first. Verify Peer Server Certificate includes a check on the certificate dates for certificate validity and whether the certificate is signed by a local trusted root CA.


Figure: Verify Peer Server Certificate


Validate Server FQDN

The Validate Server FQDN is an enhanced security feature of the SBC, which is disabled if the common name in the certificate is an IP address (a practice observed by some ITSPs). This field is only visible when Mutual Authentication is disabled and Validate Peer Server Certificate.

When enabled, the Validate Server FQDN option allows the SBC to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternative Name (SAN) against the host that is configured in the SIP Server table of the SBC (the protocol must be TLS and the Host must be in the form of an FQDN).

Note
  • The SBC does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN).
  • Make sure this parameter is set to Disabled if the peer server is using an IP address.
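
The following sketch illustrates the FQDN match described above. It is an added example, not the product's own code. It can be used to pre-check a peer certificate before enabling Validate Server FQDN. The function names, the result strings, the sample certificates and the wildcard rule (left-most label only, in the style of RFC 6125) are assumptions; the certificate dictionary uses the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def cert_fqdns(cert):
    """Collect the CN and DNS SAN entries from a getpeercert()-style dict."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    # IP addresses are never used to identify a peer, so drop any that appear as names.
    return [n.lower().rstrip(".") for n in names if not is_ip(n)]


def name_matches(pattern, host):
    """Exact match, or a wildcard in the left-most label only (assumed rule)."""
    if pattern == host:
        return True
    p, h = pattern.split("."), host.split(".")
    return p[0] == "*" and len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]


def validate_server_fqdn(configured_host, cert):
    """Compare the SIP Server table host with the peer certificate's CN and SANs."""
    host = configured_host.lower().rstrip(".")
    if is_ip(host):
        # The peer is addressed by IP: the option should be set to Disabled.
        return "skipped-ip-host"
    if any(name_matches(name, host) for name in cert_fqdns(cert)):
        return "match"
    return "mismatch"


# Constructed sample certificates (not taken from any real deployment).
CERT_SAN = {
    "subject": ((("commonName", "edge.example.net"),),),
    "subjectAltName": (("DNS", "sip.example.net"), ("DNS", "*.voice.example.net")),
}
CERT_IP_CN = {"subject": ((("commonName", "192.0.2.10"),),)}

if __name__ == "__main__":
    for host in ("SIP.Example.NET", "gw1.voice.example.net", "192.0.2.10"):
        print(host, "->", validate_server_fqdn(host, CERT_SAN))
    print("sip.example.net ->", validate_server_fqdn("sip.example.net", CERT_IP_CN))
```

A "mismatch" result for a certificate whose only name is an IP address corresponds to the case in the note above, where the parameter should be set to Disabled.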


...