Author Topic: Teleworker TLS Version  (Read 2066 times)

Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Teleworker TLS Version
« on: October 04, 2023, 09:29:58 AM »
Our TW server (MiCollab) is failing an audit because we're using TLS v1.0.
The problem is, we can switch to v1.2 because we have 5330s and 5340s non "e" variant. Old phones.
The phones don't work with v1.2.

My question is, do 5330e and 5340e variants work with TLS v1.2?

Ralph


Offline ACDeezNutz

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +2/-0
    • View Profile
Re: Teleworker TLS Version
« Reply #1 on: October 04, 2023, 11:32:13 PM »
Mitel article QA2902:

Title: Highest cipher suite TLS 1.2 on MBG
Question: What are the effects of enabling highest cipher suite TLS 1.2 on MBG ?
Environment: MSL, MBG, Micollab
Answer:

a. 5020, 5212, 5215, 5220, 5224, 5304, 5312 and 5324 IP Phones, MiCollab Client and Mitel Navigator default to using TCP/PSK pre-TLS for their
transport protocol. They can no longer use TCP/TLS. Note that 5020, 5215 and 5220 IP Phones do not support TCP/TLS under any circumstance.

b. 5320, 5320e, 5330e, 5340e and 5360 IP Phones and the 5540 IP Console can continue to use TCP/TLS for their transport protocol provided that they
have been upgraded to the latest firmware version 6.4.1.x. This firmware is provided with the MBG Release 9.2 software.

c. 5235, 5330 and 5340 IP Phones and 5560 IPT default to using TCP/PSK pre-TLS for their transport protocol. They can no longer use TCP/TLS and will
provide only partial functionality calls can be made but the phones will display Application Loading and the keys will fail to update.

d. MiCollab Client MiNET Softphones default to using TCP/PSK pre-TLS.

e. DECT phones will no longer be able to connect.

f. 5550 IP Consoles default to using TCP/PSK pre-TLS for their transport protocol. They can no longer use TCP/TLS and will provide only partial functionality calls
can be made but the Phonebook will be inaccessible.

g. MiVoice Business Consoles running Release 9.0 and above will be fully functional. Earlier versions default to using TCP/PSK pre-TLS for their transport protocol.
They can no longer use TCP/TLS and will provide only partial functionality calls can be made but the Phonebook will be inaccessible.

h. 69xx IP Phones will be fully functional once upgraded to the firmware included in MiVoice Border Gateway.

i. The SIP-based softphone included in the legacy MiCollab client will fail to connect over TLS.

Note : Please refer KMS Document: QA1442, How to apply highest security settings to MSL MBG MiCollab Server
« Last Edit: October 04, 2023, 11:46:23 PM by ACDeezNutz »

Offline Dutch

  • Jr. Member
  • **
  • Posts: 53
  • Country: nl
  • Karma: +1/-0
    • View Profile
Re: Teleworker TLS Version
« Reply #2 on: November 15, 2023, 05:34:35 PM »
if you don't put your MBG settings to "Intermediate" in the top the 53xx will never connect anyway which is TLS v1.2

The MBG in question I tested has all options of 1.0 and 1.1 de-activated by default.

Also as above poster mentioned you need to check the security settings in MiVB as well. Keeping all to High should I think be fine for 53xx phones meaning 5330 5340 etc but 5312 phones need a lower setting.....
« Last Edit: November 15, 2023, 05:37:05 PM by Dutch »


 

Sitemap 1 2 3 4 5 6 7 8 9 10