Yealink VC400 Administrator's Manual page 249

EDH-RSA-DES-CBC-SHA

EDH-DSS-DES-CBC-SHA

DES-CBC-SHA

EXP1024-DHE-DSS-RC4-SHA

EXP1024-RC4-SHA

EXP1024-RC4-MD5

EXP-EDH-RSA-DES-CBC-SHA

EXP-EDH-DSS-DES-CBC-SHA

EXP-DES-CBC-SHA

EXP-RC4-MD5

The following figure illustrates the TLS messages exchanged between the system and TLS server
to establish an encrypted communication channel:
Step1: The system sends "Client Hello" message proposing SSL options.
Step2: Server responds with "Server Hello" message selecting the SSL options, sends its public
key information in "Server Key Exchange" message and concludes its part of the negotiation
with "Server Hello Done" message.
Step3: The system sends key session information (encrypted by server's public key) in the
"Client Key Exchange" message.
Step4: Server sends "Change Cipher Spec" message to activate the negotiated options for all
future messages it will send.
The system can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for the SIP
account, the message of the SIP account will be encrypted after the successful TLS negotiation.
Certificates
The system can serve as a TLS client or a TLS server. The TLS requires the following security
certificates to perform the TLS handshake:
Trusted Certificate: When the system requests a TLS connection with a server, the system

should verify the certificate sent by the server to decide whether it is trusted based on the
trusted certificates list. The system has 33 built-in trusted certificates. You can upload up to
10 custom certificates to the system. The format of the certificates must be *.pem, *.cer,
*.crt and *.der. For more information on 33 trusted certificates, refer to
Configuring Security Features
Appendix B: Trusted
233