You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

About this Resource

Availability: Since 1.3.0

Defines a TLS Profile Table to be used in a SIP Signaling Group.

REST API Methods for this Resource

Resource Schema

Configuration

Parameter Name Required Service Affecting Data Type Default Value Possible Values Description
DescriptionNoNostringnone64 - Max Length Description of the profile
TLSVersionYesYesint1Possible values:
  • 1 - Minimum
  • 2 - Maximum
TLS version. Currently 1.
HandshakeTimeoutYesYesint10Possible values:
  • 1 - Minimum
  • 30 - Maximum
 Specifies the SIP TLS client and server handshake inactivity timeout interval. The control timeout setting will abnormally terminate the TLS handshake session for a long period of inactivity between each TLS handshake message exchange. Recommended setting should be set to maximum 30 seconds due to network congestion.
MutualAuthYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Specifies the authentication method option using the Mutual TLS in the SIP TLS server handshake exchange message. This enables the Mutual authentication request and verifications of the SIP peer client certificate.
VerifyPeersCertificateYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
 Specifies the authentication method option of verifying the identity of the received SIP peer server certificate during the SIP TLS client handshake exchange message. This enables the verifications of the SIP peer server certificate.
ClientCipherYesNoEnum3Possible values:
  • 0 - e_tlsCiNone
  • 1 - e_tlsCiAES128_SHA
  • 2 - e_tlsCiDES_CBC3_SHA
  • 3 - e_tlsCiDES_CBC3_AES128_SHA
  • 4 - e_tlsCiDES_CBC_SHA
  • 5 - e_tlsCiAllFIPandNonFIPs
 Specifies the cipher suite parameter exchanged and negotiated in the SIP TLS client handshake message. Set of cipher suites parameter as a comma-separated list are ordered by preference:
  • 1 AES128-SHA
    - Recommended as per FIPS stronger security
  • 2 DES-CBC3-SHA
    - Required when peer device does not support AES128-SHA
  • 3 AES128-SHA, DES-CBC3-SHA
    - Required for backward compatibility where peer cipher suite selection and support is unknown
ValidateClientFQDNYesNoint1Possible values:
  • 0 - Minimum
  • 1 - Maximum
If enabled runs reverse DNS lookup to verify peer's FQDN.
ValidateServerFQDNYesNoEnum1Possible values:
  • 0 - btFalse
  • 1 - btTrue
If enabled performs validation of configured SIP Server host FQDN with the verify peer's FQDN.
FallbackCompatibleModeYesNoEnum0Possible values:
  • 0 - btFalse
  • 1 - btTrue
If enabled SSLv2 and SSLv3 variants to TLS1.0 will be negotiated when the compatibility with the peer is important.
  • No labels