Note:
IP phone H.323 v6.6.2 and later do not support HTTPS with MV_IPTEL or IIS 6. It is
recommended to upgrade to the current version of an HTTPS server that supports TLS 1.2.
For restore, the initiating process must supply only the backup file name. The file is requested
from the server by an HTTP GET message. If successful, the file is returned to the initiating
process. Otherwise a failure message is returned.
Backup and restore operations construct the URI used in the HTTP message from the value of the
BRURI parameter and from the file name as follows:
• If BRURI ends with a / (a forward slash), the file name is appended.
• Otherwise, a forward slash and the file name is appended to the BRURI value.
Note:
BRURI can include a directory path and/or a port number as specified in IETF RFCs
2396 and 3986.
If you use TLS, the call server registration password for the phone must be included in an
Authorization request-header in each transmitted GET and PUT method. This is intended for use
by the Avaya IP Telephone File Server Application (which can be downloaded from the Avaya
support Web site) so that the phone requesting the file transaction can be authenticated.
If no digital certificates are downloaded based on the system parameter TRUSTCERTS, the
phone establishes a TLS connection only to a backup/restore file server that has a Avaya-signed
certificate, included by default with the Avaya IP Telephone File Server Application, and includes
the credentials. However, if at least one digital certificate has been downloaded based on
TRUSTCERTS, the credentials are included only if BRAUTH is set to 1. This is a security feature
to allow control over whether the credentials are sent to servers with third-party certificates. If the
server on which the Avaya IP Deskphone File Server Application is installed uses a non-Avaya
certificate, set BRAUTH to 1 to enable authentication of the deskphones. The default value of
BRAUTH is 0.
When the call server IP address and the registration password of the phone are included as the
credentials in an Authorization request-header, the call server IP address is included first in
dotted-decimal format, followed by a colon, hex 3A, followed by the registration password of the
phone.
HTTP/HTTPS authentication is supported for both backup and restore operations. The
authentication credentials and realm are stored in re-programmable, non-volatile memory, which is
not overwritten when new phone software is downloaded. Both the authentication credentials and
realm have a default value of null, set at manufacture or at any other time user-specific data is
removed from the phone.
The following cipher suites are supported for backup and restore operations:
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Administering your phone
May 2018
Installing and Administering Avaya J169/J179 IP Phone H.323
162