CSS Stylesheet |
---|
img.confluence-embedded-image { display: inline-block !important; } |
Add_workflow_for_techpubs |
---|
AUTH2 | UserResourceIdentifier{userKey=8a00a0c862eadf5e0163170affe7001b, userName='null'} |
---|
AUTH1 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
JIRAIDAUTH | CHOR-5789 |
---|
REV5 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
REV6 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
REV3 | UserResourceIdentifier{userKey=8a00a0c86a61778d016a7d0876df0017, userName='null'} |
---|
REV1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cef30cd0, userName='null'} |
---|
|
...
Click the Create TLS Profile ( ) icon at the top of the TLS Profile page.
Create TLS - SBC SWe Edge and SBC 1000/2000
Create TLS Profile - SBC CNe Edge
Image Removed
...
Panel |
---|
bgColor | #FAFAFA |
---|
borderStyle | none |
---|
|
Specifies the cipher suite parameter exchanged and negotiated in the SIP TLS client handshake message. The list is automatically populated with the ciphers supported for the selected TLS Protocol.For and SBC 1000/2000: Available_since |
---|
| Release | 11.0.1The
supports the following TLS cipher suites:- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES256_CBC_SHA
- TLS_RSA_WITH_AES128_CBC_SHA
- TLS_RSA_WITH_DES_CBC_SHA
Note |
---|
title | Lync Cipher Incompatability |
---|
|
The TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA is incompatible with Lync servers. |
For :
The spacevars
---|
|
supports the following TLS cipher suites:- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES256_CBC_SHA
- TLS_RSA_WITH_AES128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
Only 3 ciphers are allowed per profile in the
cluster.
Verify Peer Server Certificate
Panel |
---|
bgColor | #FAFAFA |
---|
borderStyle | none |
---|
| Include Page |
Not_Applicable_to_CloudNative |
| Not_Applicable_to_CloudNative | Specifies whether or not to verify the identity of a peer server. Available when Mutual Authentication is disabled. Note |
---|
This setting is part of the standard level of Mutual TLS security. Verify Peer Server Certificate implies that Mutual Authentication is enabled first. Verify Peer Server Certificate includes a check on the certificate dates for certificate validity and whether the certificate is signed by a local trusted root CA. |
...
Panel |
---|
bgColor | #FAFAFA |
---|
borderStyle | none |
---|
| Include Page |
Not_Applicable_to_CloudNative |
| Not_Applicable_to_CloudNative | The Validate Server FQDN is an enhanced security feature of the , which is disabled if the common name in the certificate is an IP address ( a practice observed by some ITSP's). This field is only visible when Mutual Authentication is disabled and Validate Peer Server Certificate.Validate Server FQDN (enabled) option allows the
to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternate Name (SAN) against the host that is configured in the SIP Server table of (protocol must be TLS and the Host must be in the form of FQDN). Note |
---|
- does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN).
- Make sure this parameter is set to Disabled if the peer server is using an IP address.
|
...
Panel |
---|
bgColor | #FAFAFA |
---|
borderStyle | none |
---|
| Include Page |
---|
Not_Applicable_to_CloudNative | Not_Applicable_to_CloudNative |
Specifies the reverse DNS lookup of a peer's FQDN. Used to verify the identity of the SIP peer client certificate. This action takes place when both, Mutual Authentication and Validate Client FQDN are enabled. If Mutual Authentication is disabled, the Validate Client FQDN is also disabled. Validate Client FQDN is an enhanced security feature of , which could be disabled if the common name in the certificate is an IP address (some ITSP's do that). When the Validate Client FQDN is enabled, this option allows to perform an FQDN match of an incoming peer certificate common name (CN) or Subject Alternate Name (SAN) against a reverse DNS lookup of the IP address to an FQDN. Note |
---|
does not validate IP addresses to identify a peer server, but only Fully Qualified Domain Names (FQDN). |
|
...