Konftel 300IP Installation And Administration page 12

SEttINgS
transport
The transport setting only concern which protocol to be used for SIP messages between
the devices involved. These settings do not include the media (the actual call). The
settings on the Media tab should be set accordingly.
Note that if you choose to use a secure connection, both units must support it.
Otherwise they cannot negotiate a connection. If an incoming call demands a secure
TLS or SIPS connection, Konftel 300IP uses the appropriate protocol even if you have
set the phone to use UDP.
Protocol uDP (User Datagram Protocol) is a protocol on the transport
layer in the Internet Protocol Suite. It is a stateless protocol for
short messages – datagrams. Stateless imply that it does not in
advance establish any connection between sender and receiver.
UDP does not guarantee reliability or ordering in the way that
TCP does. Datagrams may arrive out of order or go missing
without notice. The advantage is speed and efficiency.
UDP is the default protocol for SIP.
tCP (Transmission Control Protocol) is a protocol on the transport
layer in the Internet Protocol Suite. TCP is the standard protocol
for Internet communication. TCP keeps track of all individual
packets of data, that they arrive to the receiver and are put to-
gether properly. TCP is not the default protocol for SIP, because
it is slower and uses more bandwidth than UDP.
With UDP and TCP, SIP packets travel in plain text. tLS
(Transport Layer Security) is a cryptographic protocol that provide
security and data integrity for communications over TCP/IP
networks. TLS encrypts the datagrams of the transport layer
protocol in use. The secure connection may be to the end device
or to the first server (usually the SIP server where the phone is
registered). There is no guarantee that there is a secure channel
to the end point, but because the SIP server is the only part
receiving the user authentication, this is still a rather secure
solution.
SIPS (Secure SIP) is a security measure that uses TLS to provide
an encrypted end-to-end channel for the SIP messages. To use
SIPS, however, both VoIP devices and the SIP server must sup-
port it.
 Even if Transport is set to TLS or SIPS, Konftel 300IP still accepts incoming UDP
or TCP signalling.
On phone: MENu > SEttINgS > ADvANCED > (PIN) > ACCouNtS > tRANSPoRt (5,2,1,3).
20
tLS Settings
If you select TLS or SIPS under the transport setting, this additional settings appear on
the page.
It may be possible to use secure communication without using a certificate and making
any changes to this settings. In some cases the SIP server requires a certificate for
user/client verification, if you choose to use TLS or SIPS. This should be specified in
the account information.
You are also able to increase security furthermore by requiring verification of the server,
or the client when Konftel 300IP acts as a server for incoming calls.
Method The TLS include a variety of security measures. The methods is
defined in the versions of the standard (SSL, SSL v2, SSL v3,
TLS v1, TLS v2). The default method is SSLv23, which accepts
both SSL v2 and v3.
Negotiation timeout The TLS settings are negotiated during a call setup (both incom-
ing and outgoing). If this negotiation does not succeed within the
specified time (seconds) the negotiation is aborted. Timeout is
disabled with 0 (zero).
Verify client When set to On, the Konftel 300IP will activate peer verification
for incoming secure SIP connections (TLS or SIPS).
Require client certificate
When set to On, the Konftel 300IP rejects incoming secure SIP
connections (TLS or SIPS) if the clients doesn't have a valid
certificate.
Verify server When Konftel 300IP is acting as a client (outgoing connections)
using secure SIP (TLS or SIPS) it will always receive a certificate
from the peer. If Verify server is set to On, Konftel 300IP closes
the connection if the server certificate is not valid.
SEttINgS
21