Administrator’s Guide for SIP-T2 /T3 /T4 /T5 /CP920 IP Phones
111
l
Starfield Secure Certificate Authority - G2
l
HydrantID SSL ICA G2
Note
: Yealink endeavors to maintain a built-in list of most common used CA Certificates. Due to memory constraints, we can-
not ensure a complete set of certificates. If you are using a certificate from a commercial Certificate Authority not in the list
above, you can send a request to your local distributor. At this point, you can upload your particular CA certificate into your
phone.
TLS Configuration
The following table lists the parameters you can use to configure TLS.
Parameter
account.X.sip_server.Y.transport_type
[1][2]
<MAC>.cfg
Description
It configures the type of transport protocol.
Permitted
Values
0
-UDP
1
-TCP
2
-TLS
3
-DNS NAPTR, if no server port is given, the phone performs the DNS NAPTR and SRV queries for
the service type and port.
Default
0
Web UI
Account > Register > SIP Server Y > Transport
Parameter
static.security.default_ssl_method
[3]
<y0000000000xx>.cfg
Description
It configures the TLS version to use for handshake negotiation between the phone and server (for
example, SIP registration server, provisioning server).
Permitted
Values
0
-TLS 1.0
3
-SSL V23 (automatic negotiation with the server. The phone starts with TLS 1.2 for negotiation.)
4
-TLS 1.1
5
-TLS 1.2
Default
3
Parameter
static.security.server_ssl_method
[3]
<y0000000000xx>.cfg
Description
It configures the supported TLS version to use for handshake negotiation between the phone and
web browser.
Permitted
Values
0
-TLS 1.0, TLS 1.1 and TLS 1.2
1
-TLS 1.1 and TLS 1.2
2
-TLS 1.2
Default
1
Supported
Devices
All phones except T48G, T46G, T42G, T41P and T29G
Parameter
static.security.trust_certificates
[3]
<y0000000000xx>.cfg
Description
It enables or disables the phone to only trust the server certificates in the Trusted Certificates list.
Permitted
Values
0
-Disabled
1
-Enabled, the phone will authenticate the server certificate based on the trusted certificates list. Only
when the authentication succeeds, will the phone trust the server.