Tls Parameters - AudioCodes Mediant 600 User Manual

SIP User's Manual
6.4.4 TLS Parameters

The Transport Layer Security (TLS) parameters are described in the table below.
Table 6-23: TLS Parameters

Parameter: Web/EMS: TLS Version
[TLSVersion]
Description:
Defines the supported versions of SSL/TLS (Secure Socket Layer/Transport Layer Security).
  [0] SSL 2.0-3.0 and TLS 1.0 = SSL 2.0, SSL 3.0, and TLS 1.0 are supported (default).
  [1] TLS 1.0 Only = only TLS 1.0 is used.
When set to 0, SSL/TLS handshakes always start with SSL 2.0 and switch to TLS 1.0 if both peers support it. When set to 1, TLS 1.0 is the only version supported; clients attempting to contact the device using SSL 2.0 are rejected.
Note: For this parameter to take effect, a device reset is required.

Parameter: Web: TLS Client Re-Handshake Interval
EMS: TLS Re Handshake Interval
[TLSReHandshakeInterval]
Description:
Defines the time interval (in minutes) between TLS Re-Handshakes initiated by the device.
The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no TLS Re-Handshake).

Parameter: Web: TLS Mutual Authentication
EMS: SIPS Require Client Certificate
[SIPSRequireClientCertificate]
Description:
Determines the device's behavior when acting as a server for TLS connections.
  [0] Disable = The device does not request the client certificate (default).
  [1] Enable = The device requires receipt and verification of the client certificate to establish the TLS connection.
Notes:
  - For this parameter to take effect, a device reset is required.
  - The SIPS certificate files can be changed using the parameters HTTPSCertFileName and HTTPSRootFileName.

Parameter: Web/EMS: Peer Host Name Verification Mode
[PeerHostNameVerificationMode]
Description:
Determines whether the device verifies the Subject Name of a remote certificate when establishing TLS connections.
  [0] Disable = Disable (default).
  [1] Server Only = Verify Subject Name only when acting as a server for the TLS connection.
  [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
When a remote certificate is received and this parameter is not disabled, the SubjectAltName value is compared with the list of available Proxies. If a match is found for any of the configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a DNS name (DNSName) or an IP address. If no match is found and the SubjectAltName is marked as 'critical', the TLS connection is not established. If DNSName is used, the certificate can also use wildcards ('*') to replace parts of the

6. Configuration Parameters Reference
Version 5.8, page 271, September 2009
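
An added example, not from the AudioCodes manual: a small Python audit that reads an ini-style configuration export and reports which of the four parameters in Table 6-23 are left at a weak or out-of-range value, treating an absent parameter as its documented default. The `Name = value` line format with `;` comments, the case-insensitive name matching, and the sample text are assumptions.

```python
import re

# Defaults and value meanings are taken from Table 6-23.
DEFAULTS = {
    "TLSVersion": 0,
    "TLSReHandshakeInterval": 0,
    "SIPSRequireClientCertificate": 0,
    "PeerHostNameVerificationMode": 0,
}
# (parameter, predicate that is True for a weak or invalid value, finding text)
CHECKS = [
    ("TLSVersion", lambda v: v == 0, "SSL 2.0/3.0 accepted; 1 is the strictest value in the table"),
    ("SIPSRequireClientCertificate", lambda v: v == 0, "client certificate not requested; set to 1"),
    ("PeerHostNameVerificationMode", lambda v: v == 0, "peer Subject Name not verified; set to 1 or 2"),
    ("TLSReHandshakeInterval", lambda v: not 0 <= v <= 1500, "outside the documented 0 to 1,500 minutes"),
]
# Assumed line format: Name = integer, optionally followed by a ';' comment.
LINE = re.compile(r"^\s*(\w+)\s*=\s*(-?\d+)\s*(?:;.*)?$")

def effective_settings(ini_text):
    """Return the four TLS parameters, falling back to the table's defaults."""
    settings = dict(DEFAULTS)
    names = {n.lower(): n for n in DEFAULTS}  # assumption: names are case-insensitive
    for line in ini_text.splitlines():
        m = LINE.match(line)
        if m and m.group(1).lower() in names:
            settings[names[m.group(1).lower()]] = int(m.group(2))
    return settings

def audit(ini_text):
    """Return (parameter, value, finding) for each weak or invalid setting."""
    s = effective_settings(ini_text)
    return [(p, s[p], msg) for p, weak, msg in CHECKS if weak(s[p])]

# Constructed sample input (not from a real device).
SAMPLE_INI = """\
[SIP Params]
; TLSVersion is absent, so the default 0 applies
SIPSRequireClientCertificate = 1
PeerHostNameVerificationMode = 2  ; server and client
TLSReHandshakeInterval = 60
"""

if __name__ == "__main__":
    for param, value, finding in audit(SAMPLE_INI):
        print(f"{param} = {value}: {finding}")
```

Because every default in the table is the permissive value, a configuration that omits these parameters is reported the same way as one that sets them to 0.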

This manual is also suitable for:

Mediant 1000