Transport Layer Security (Tls) - Mitel 6867i Administrator's Manual
6800 series
Hide thumbs
Also See for 6867i:
- User manual (235 pages) ,
- Training manual (29 pages) ,
- Installation manual (24 pages)
Table of Contents
Advertisement
Mitel 6800 Series SIP Phone Release 4.2.0 Administrator Guide
TRANSPORT LAYER SECURITY (TLS)
The IP Phones support a transport protocol called Transport Layer Security (TLS) and
Persistent TLS. TLS is a protocol that ensures communication privacy between the SIP phones
and the Internet. TLS ensures that no third party may eavesdrop or tamper with any message.
TLS is composed of two layers: the TLS Record Protocol and the TLS handshake protocol.
The TLS Record Protocol provides connection security with some encryption method such as
the Data Encryption Standard (DES). The TLS Handshake Protocol allows the server and client
to authenticate each other and to negotiate an encryption algorithm and cryptographic keys
before data is exchanged. TLS requires the use of the following security certificate files to
perform TLS handshake:
•
Root and Intermediate Certificates
•
Local Certificate
•
Private Key
•
Trusted Certificate
When the phones use TLS to authenticate with the server, each individual call must setup a
new TLS connection. This can take more time when placing each call. Thus, the IP phones
also have a feature that allows you to setup the connection to the server once and re-use that
one connection for all calls from the phone. It is called Persistent TLS. The setup connection
for Persistent TLS is established during the registration of the phone. If the phones are set to
use Persistent TLS, and a call is made from the phone, this call and all subsequent calls use
the same authenticated connection. This significantly reduces the delay time when placing a
call.
Notes:
1. There can be only one persistent TLS connection created per phone.
2. If you configure the phone to use Persistent TLS, you must also specify the Trusted
Certificate file to use. The Root and Intermediate Certificates, Local Certificate, and
Private Key files are optional.
On the IP phones, an Administrator can configure TLS and Persistent TLS on a global-basis
only, using the configuration files or the Mitel Web UI.
There is a keep-alive feature for persistent TLS connections only. Administrators can configure
this keep-alive feature using the parameter called "sip persistent tls keep alive". When this
feature is configured, the phone will send keep-alive pings to the proxy server at configured
intervals. The keep-alive feature for persistent TLS connections performs the following
functionalities:
•
After a persistent TLS connection is established or re-established, activate the keep-alive,
which will send CRLF to peer periodically.
•
The phone will retry the connection automatically when a persistent TLS connection is down.
•
When a persistent TLS connection is re-established (primary is up or primary is down and
backup is up), refresh registration of the accounts associated with the connection.
•
When a persistent TLS connection to primary is down, switch to backup if connection to
backup is working.
6-20
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
