Instructions on TLS/SSL Certificates on Yealink Phones



Similar documents
Overview. SSL Cryptography Overview CHAPTER 1

Web Security: Encryption & Authentication

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Chapter 17. Transport-Level Security

Savitribai Phule Pune University

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from

TLS/SSL in distributed systems. Eugen Babinciuc

TLS and SRTP for Skype Connect. Technical Datasheet

Secure Frequently Asked Questions

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Cornerstones of Security

How To Protect Your Network From A Hacker Attack On Zcoo Ip Phx From A Pbx From An Ip Phone From A Cell Phone From An Uniden Ip Pho From A Sim Sims (For A Sims) From A

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

SSL EXPLAINED SSL EXPLAINED

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

PrintFleet Enterprise 2.2 Security Overview

SSL Overview for Resellers

Unifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Gateway

Public Key Infrastructure (PKI)

Xerox FreeFlow Digital Publisher Information Assurance Disclosure. Onsite, Cloud and epublishing Configurations

PrintFleet Enterprise Security Overview

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005


Transport Layer Security (TLS) About TLS

Copyright Telerad Tech RADSpa. HIPAA Compliance

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Secure Transfers. Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3

Security Digital Certificate Manager

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

NAS 272 Using Your NAS as a Syslog Server

Generating and Installing SSL Certificates on the Cisco ISA500

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

ADFS Integration Guidelines

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Securing your Online Data Transfer with SSL

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Transport Layer Security Protocols

Three attacks in SSL protocol and their solutions

UPSTREAMCONNECT SECURITY

DEVELOPING CERTIFICATE-BASED PROJECTS FOR WEB SECURITY CLASSES *

How To Understand And Understand The Security Of A Key Infrastructure

SSL/TLS: The Ugly Truth

Owner of the content within this article is Written by Marc Grote

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Security Digital Certificate Manager

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Maximizing Performance with SPDY & SSL. Billy Hoffman

TELNET CLIENT 5.0 SSL/TLS SUPPORT

MAC Web Based VPN Connectivity Details and Instructions

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Docufide Client Installation Guide for Windows

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

DMH remote access. Table of Contents. Project : remote_access_dmh Date: 29/05/12 pg. 1

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Properties of Secure Network Communication

Computer Networks. Secure Systems

Secure Client Applications

Yealink Technical White Paper. Contents. About VPN Types of VPN Access VPN Technology... 3 Example Use of a VPN Tunnel...

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Com.X IP PBX The complete communications solution in a box

Spreed Keeps Online Meetings Secure. Online meeting controls and security mechanism.

Chapter 7 Transport-Level Security

Frequently Asked Questions. Frequently Asked Questions SSLPost Page 1 of 31 support@sslpost.com

stacktools.io Services Device Account and Profile Information

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

ReadyNAS Remote White Paper. NETGEAR May 2010

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Application Note. Onsight Connect Network Requirements v6.3

As enterprises conduct more and more

Certificate Authorities and Public Keys. How they work and 10+ ways to hack them.

What is a SSL VPN and How Does it Work?

Secure Socket Layer (SSL) Machines included: Contents 1: Basic Overview

Internet Programming. Security

Lukasz Pater CMMS Administrator and Developer

Networks & Security Course. Web of Trust and Network Forensics

User Guide. The AMF's File Transfer Service (FTS)

SyncThru TM Web Admin Service Administrator Manual

Implementing Secure Sockets Layer on iseries

mod_ssl Cryptographic Techniques

SBClient SSL. Ehab AbuShmais

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Active Management Services

How To Encrypt Data With Encryption

Configuring HTTPs Connection in SAP PI 7.10

Setting Up SSL on IIS6 for MEGA Advisor

The Benefits of SSL Content Inspection ABSTRACT

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

ClearView Connects Help

CS 3251: Computer Networking 1 Security Protocols I

Application Notes for Configuring Yealink T-22 SIP Phones to interoperate with Avaya IP Office - Issue 1.0

MultiSite Manager. Using HTTPS and SSL Certificates

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Transcription:

Instructions on TLS/SSL Certificates on Yealink Phones 1. Summary... 1 2. Encryption, decryption and the keys... 1 3. SSL connection flow... 1 4. The instructions to a certificate... 2 4.1 Phone acts as a client... 3 4.2 Phone acts as a server... 4 4.3 Phone s client certificate... 4 5. Frequently Asked Questions... 5 Instructions to TLS/SSL Certificates on Yealink Phones

Instructions on TLS/SSL Certificates on Yealink Phones Update log Version Time Update by 1.0 2010-09-09 1. Summary Up to the date when this is being written (or updated), Yealink phones are supporting TLS 1.0 on T20/T22/T26/T28. TLS 1.0, which is defined by RFC 2246 (The TLS Protocol Version 1.0), can be considered as an upgrade to SSL 3.0. There are just tiny differences between TLS 1.0 and SSL 3.0, so in this article we treat them as the same. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. For the technical details of TLS, you can refer to wiki: http://en.wikipedia.org/wiki/ssl_certificate#tls_version_1.1. This article will just describe the usage of it on Yealink phones in a somewhat superficial way. 2. Encryption, decryption and the keys Before we talk about certificates, we must know something basic about keys which are used to encrypt or decrypt certain traffic. The sender uses an encryption key to encrypt the messages it sends, while the receiver uses a right decryption key to decrypt the messages it receives. The encryption key and the decryption key match each other, meaning that if one piece of message is encrypted by a key, it is supposed that there s only one decryption key that can decrypt it. Generally, there are two kinds of encryption and the keys: Symmetric encryption: For symmetric encryption, the encryption key and the corresponding decryption key can be told by each other. In most cases, the encryption key and the decryption key are the same one. Asymmetric encryption: For asymmetric encryption, you cannot tell the decryption key from the encryption key and vice versa. There are Public Key and Private Key in this case and they are a match. The information encrypted by the Public Key can only be decrypted by the corresponding Private Key and vice versa. Usually, the receiver keeps its private key. The public key is known by the sender, so the sender sends the information encrypted by the known public key, and then the receiver uses the private key to decrypt it. 3. SSL connection flow After the establishment of a SSL connection, the data transmits between each other is encrypted by a session key which is a symmetric key. The process of the connection is like: Instructions to call recording on Yealink phones 1/5

Figure 1 A. The client say hello to the HTTPS server to initiate a connection request. The request contains the encryption methods for negotiation with the server. (Step 1 in the above flow) B. The server responds say hello to confirm the encryption method and sends its certificate. The certificate contains a public key of the server. (Step 234 in the above flow) C. If the client trusts the server, it will send back a session key which is encrypted by the public key from the server and tell the server that the coming up information will be encrypted by this session key. (Step 567 in the above flow) D. The server confirms and the information it sends will also be encrypted by the session key. (Step 89 in the above flow) E. Now the data transmission between each other will be encrypted and both sides know the right key to decrypt since the session key is a symmetric key. The trace T28-https.pcap can be referred if you want to know the detail. 4. The instructions on a certificate It is not difficult to encrypt and decrypt the data by the sender and receiver. The tricky part is the negotiation of the encryption key (session key). The key cannot be sent freely because if someone else gets the information, your conversation will be at risk. It is done by using the public key and private key mechanism to encrypt the session key. You get the public Instructions to call recording on Yealink phones 2/5

key from the sender, so then the problem comes to how you can trust the sender. The certificate is a solution to these problems. The normal certificate, or accurately the so-called digital certificate (also known as a public key certificate), is actually an electronic document that mainly contains a public key and identity information of the certificate owner. And there will be other information such as the unique serial number, the issuer, the validity date of the certificate. By verifying the information in the certificate, it can be told that whether the sender of the certificate is trustable. If no, there won t be further transmission. If yes, the receiver will use the public key in the certificate to go further like from step 567 in Figure 1. The phone uses X.509 certificates whose common filename extensions can be.pem,.cer. The phone can act as either a client or a server based on who initiates the connection request. 4.1 Phone acts as a client When the phone initiates the SSL connection, we say it acts as a client. The case is like when the phone connects to the setting HTTPS URL for provisioning. Usually, the server should be verified by the client but not vice versa. That is, the client should verify that whether the server can be trusted. So when the phone requests the connection, the HTTPS server will send its certificate to the phone. If the phone doesn t enable the option Only Accept Trusted Certificates, the connection will be done anyway. If the option is enabled, the phone will check the certificate based on the existing Trusted Certificates list. The related webpage of the phone is as below: Figure 2 Up to the date when this document is being written, Yealink phones don t have any inbuilt Trusted Certificates. You can upload them by your own. Instructions to call recording on Yealink phones 3/5

4.2 Phone acts as a server When certain PC browser connects to the phone s webpage, we say the phone acts as a server. In this case, it is the phone s turn to send its certificate to the browser. The certificate belonging to the phone can be uploaded by your own too. Yealink phones don t have inbuilt server certificate either. The related webpage of the phone is as below: Figure 3 4.3 Phone s client certificate We just said usually it is the server that is verified by the client. Actually there is possibility that the server also verifies the client, depending on the server s configuration. In this case, during the connection with a HTTPS server, the phone should send its client certificate to the server as well. For Yealink phones, the client certificate is the same one as the server certificate which you upload on webpage shown in Figure 3. Instructions to call recording on Yealink phones 4/5

5. Frequently Asked Questions 1. Q: When I choose the TLS, which protocol (TCP or UDP) is used? A: TCP. 2. Q: Is it possible for the phone to upload certificates via auto provision? A: Not for now. But it is in our schedule of V70. 3. Q: There s an existing server certificate I uploaded before, what if I upload another one? A: The old one will be replaced by the newly uploaded one. Instructions to call recording on Yealink phones 5/5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information