This chapter provides information for making configuration changes for the following
security-related features:
Transport Layer Security
Secure Real-Time Transport Protocol
Encrypting Configuration Files
The TLS protocol is a commonly used protocol for providing communications privacy
and managing the security of message transmission. TLS allows IP phones to
communicate with other remote parties and connect to the HTTPS URL for provisioning in
a way that is designed to prevent eavesdropping and tampering.
The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS
Handshake Protocol. The TLS Record Protocol completes the actual data transmission
and ensures the integrity and privacy of the data. The TLS Handshake Protocol allows
the server and client to authenticate each other and negotiate an encryption algorithm
and cryptographic keys before data is exchanged.
The TLS protocol uses asymmetric cryptography for authentication of key exchange,
symmetric encryption for confidentiality, and message authentication codes for
message integrity.
Symmetric encryption: For symmetric encryption, the encryption key and the
corresponding decryption key can be derived from each other. In most cases, the
encryption key and the decryption key are the same one.
Asymmetric encryption: For asymmetric encryption, you cannot derive the decryption
key from the encryption key and vice versa. Each user has a pair of cryptographic
keys: a public encryption key and a private decryption key. The information
encrypted by the public key can only be decrypted by the corresponding private
key and vice versa. Usually, the receiver keeps its private key. The public key is
known by the sender, so the sender sends the information encrypted by the known
public key, and then the receiver uses the private key to decrypt it.
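The division of labour described above (asymmetric key exchange, symmetric encryption, MAC for integrity) is shown in the following added example, which is not part of the original guide and is not the phone's TLS implementation. Assumptions: the Diffie-Hellman modulus, the HMAC-based keystream and all function names are stand-ins chosen so the sketch runs with the Python standard library only, and certificate-based authentication of the peers is omitted.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, illustration only): real TLS negotiates
# standardized groups or curves and authenticates the exchange with certificates.
P = 2**255 - 19   # a known prime, used here as a toy Diffie-Hellman modulus
G = 2

def keypair():
    """Asymmetric step: private exponent plus the public value sent to the peer."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(priv, peer_pub):
    """Both sides derive the same encryption and MAC keys from the shared secret."""
    shared = pow(peer_pub, priv, P).to_bytes(32, "big")
    enc_key = hmac.new(shared, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(enc_key, seq, length):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (not a TLS cipher)."""
    out, block = b"", 0
    while len(out) < length:
        counter = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(enc_key, counter, hashlib.sha256).digest()
        block += 1
    return out[:length]

def protect(keys, seq, plaintext):
    """Sending side: encrypt, then append a MAC over sequence number and ciphertext."""
    enc_key, mac_key = keys
    ks = _keystream(enc_key, seq, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag

def unprotect(keys, seq, record):
    """Receiving side: verify the MAC first, decrypt only if it matches."""
    enc_key, mac_key = keys
    ct, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad record MAC")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, seq, len(ct))))
```

A record that is modified in transit, or replayed under a different sequence number, fails the MAC check and is rejected before any decryption takes place.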