1. Firmware Update:
- Ensure your Yealink phones have the latest firmware version that supports TLS 1.2.
- Refer to Yealink’s documentation for specific firmware versions and upgrade procedures for your phone models.
- Models up to V84 (before OpenSSL 2.1.0.11) support algorithms like RSA/DH, and TLS support is limited to TLS 1.2.
- Models from V84 onwards (after OpenSSL 2.1.0.11) support algorithms like RSA/DHE/ECDH, and TLS support is limited to TLS 1.2.
- OpenSSL 3.x versions support algorithms like RSA/DHE/ECDH, and TLS support extends up to TLS 1.3.
2. TLS Configuration:
- Configure the TLS protocol version on your Yealink phones to TLS 1.2 (value 5).
- Refer to the Yealink documentation for the specific location of this setting within the phone’s configuration menu.
- You may need to configure the TLS cipher list to ensure compatibility with the SkySwitch server.
- The default cipher list is: AES:!ADH:!LOW:!EXPORT:!NULL
- You can add, delete, or temporarily delete cipher suites using the “+”, “-” and “!” symbols.
3. SkySwitch Server Configuration:
- Ensure your SkySwitch server is configured to support TLS 1.2.
- Refer to the SkySwitch documentation for specific TLS configuration options.
- You may need to configure the server’s TLS cipher list to match the Yealink phones.
4. Testing:
- After making the necessary configurations, test the connection between the Yealink phones and the SkySwitch server to ensure that TLS 1.2 is working correctly.
- Look for a lock icon on the phone’s LCD screen after a successful TLS negotiation.
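One way to run the check in step 4 from a workstation, as an added example that is not Yealink or SkySwitch code: it pins a Python client to TLS 1.2 with the default cipher list from step 2, lists the suites that string expands to under the local OpenSSL build, and reports what a server negotiates. The host and port passed to `probe` are placeholders you supply; the page does not give them.

```python
import socket
import ssl

# Cipher string quoted on this page as the Yealink default.
YEALINK_DEFAULT_CIPHERS = "AES:!ADH:!LOW:!EXPORT:!NULL"


def tls12_context(cipher_list=YEALINK_DEFAULT_CIPHERS):
    """Client context pinned to TLS 1.2 and restricted to cipher_list."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx


def tls12_suites(ctx):
    """Suite names the context can offer in a TLS 1.2 handshake.

    OpenSSL always lists its TLS 1.3 suites as well; they are filtered
    out here because maximum_version keeps them from being negotiated.
    """
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def probe(host, port, timeout=5.0):
    """Handshake with host:port and return (protocol, cipher suite).

    Raises ssl.SSLError when the server shares no TLS 1.2 suite with the
    list, which is the mismatch the cipher-list steps above guard against.
    """
    ctx = tls12_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    for name in tls12_suites(tls12_context()):
        print(name)
    # Placeholder target (assumption); substitute your SIP-TLS server and port:
    # print(probe("sip.example.invalid", 5061))
```

Comparing the printed suite list against the server's configured list shows before any phone is touched whether the two sides have a suite in common.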
COMMENT:
SkySwitch uses the Netsapiens back end. Anyway, with just about all of the hosted systems I use (Cisco, Netsapiens, Zultys and Acrobits), firewall traversal and ALG issues are becoming much more rare as we only implement using TLS, which makes them both a moot point.