Avaya 1230 Administration page 284

Security
How TLS impacts SIP
TLS impacts SIP in the following ways:
• URIs – contain transport parameters used to indicate the preferred method of contact. For
example,
Contact: Bob<sip:bob@company.com;transport=tls>
Important:
A transport parameter of TLS indicates that the server or client prefers TLS to be used for
communication.
SIP Software Release 3.2 and later adds transport=tls to the contact header when using TCP
or TLS.
• VIA header – contains the transport protocol used to send a request. For example, Via:
SIP4.1/TLSbob.company.com;....;alias
The IP Deskphone attempts to downgrade the allowed protocols if connection attempts are
made and fail. In order to avoid the IP Deskphone using an unsecure protocol, only TLS is
enabled.
The order of preference for protocols is always: TLS, TCP, and UDP.
You must enable the SIP TLS Listening port for incoming TLS connections to be made.
Certificate requirements
For the IP Deskphone to validate that the server certificate provided by the TLS-enabled proxy
matches the connected address, the certificate must contain the IP Addresses of the IP Deskphone.
The server certificate has a Subject Alternative Name field, which contains the IPv4 and IPv6 IP
addresses that correspond with the proxy. For example:
subjectAltName=IP:192.168.100.100subjectAltName=IP:
2001:0db8:0000:0000:0000:0000:1428:5 7ab
Important:
The IP Deskphone must have a device certificate loaded. If the device certificate is not loaded, the
IP Deskphone fails to establish a TLS connection with the system.
IP Deskphone security configuration
The following table lists the various security parameters for the IP Deskphone.
SIP Software for Avaya 1200 Series IP Deskphones-Administration
284
Comments? infodev@avaya.com
March 2015