Security Features
108
l
DHE-RSA-AES256-SHA
l
DHE-DSS-AES256-SHA
l
AES256-SHA
l
EDH-RSA-DES-CBC3-SHA
l
EDH-DSS-DES-CBC3-SHA
l
DES-CBC3-SHA
l
DES-CBC3-MD5
l
DHE-RSA-AES128-SHA
l
DHE-DSS-AES128-SHA
l
AES128-SHA
l
RC2-CBC-MD5
l
IDEA-CBC-SHA
l
DHE-DSS-RC4-SHA
l
RC4-SHA
l
RC4-MD5
l
RC4-64-MD5
l
EXP1024-DHE-DSS-DES-CBC-SHA
l
EXP1024-DES-CBC-SHA
l
EDH-RSA-DES-CBC-SHA
l
EDH-DSS-DES-CBC-SHA
l
DES-CBC-SHA
l
DES-CBC-MD5
l
EXP1024-DHE-DSS-RC4-SHA
l
EXP1024-RC4-SHA
l
EXP1024-RC4-MD5
l
EXP-EDH-RSA-DES-CBC-SHA
l
EXP-EDH-DSS-DES-CBC-SHA
l
EXP-DES-CBC-SHA
l
EXP-RC2-CBC-MD5
l
EXP-RC4-MD5
l
ECDHE
Supported Trusted and Server Certificates
The IP phone can serve as a TLS client or a TLS server. In the TLS feature, we use the terms trusted and server cer-
tificate. These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
l
Trusted Certificate
: When the IP phone requests a TLS connection with a server, the phone should verify the
certificate sent by the server to decide whether it is trusted based on the trusted certificates list. You can upload
10 custom certificates at most. The format of the trusted certificate files must be *.pem, *.cer, *.crt and *.der and
the maximum file size is 5MB.
l
Server Certificate
: When clients request a TLS connection with the IP phone, the phone sends the server cer-
tificate to the clients for authentication. The IP phone has two types of built-in server certificates: a unique server
certificate and a generic server certificate. You can only upload one server certificate to the IP phone. The old
server certificate will be overridden by the new one. The format of the server certificate files must be *.pem and
*.cer and the maximum file size is 5MB.
A unique server certificate
: It is unique to an IP phone (based on the MAC address) and issued by the Yealink
Certificate Authority (CA).
A generic server certificate
: It is issued by the Yealink Certificate Authority (CA). Only if no unique certificate
exists, the phone may send a generic certificate for authentication.