and settings file can reside. The phone support TLS 1.2 cipher suites. You can configure the
TLS_VERSION parameter to use either TLS 1.2 only, or use older TLS versions as well.
The following list of applications and processes use TLS 1.2:
• WML browser using HTTPS
• H.323 signaling over TLS
• SLA mon agent
• IPSec VPN with certificate based authentication
• 802.1x EAP-TLS
• Single Sign On (SSON)
• Configuration files download using HTTPS
• Backup/restore using HTTPS
• Debug report generation using HTTPS
• OCSP over HTTPS
Note:
Because of POODLE vulnerability as defined in CVE-2014-3566, the IP phone do not support
SSLv3.
If H.323 over TLS is enabled on the Communication Manager, the deskphone registers and opens
a H.323 signaling over TLS connection by using TCP port 1300. Mutual authentication is
supported and all registration and signaling packets are sent over TLS. The discovery messages
are sent over UDP. You can disable H.323 signaling over TLS from the CRAFT menu.
All phones support HTTP authentication for backup and restore operations. The non-volatile
memory stores the authentication credentials and the realm. The non-volatile memory is not
overwritten if new phone software is downloaded. The default value of the credentials and the
realm are null, set at manufacture and at any other time that user-specific data is removed from
the phone or by the local administrative (Craft) CLEAR procedure.
A realm is the location of the user accounts. If you have set up a realm while installing the HTTPS
server, the deskphone will prompt you to enter the realm address. For information about
configuring realm, see the instructions provided by your HTTPS server vendor.
Note:
If you have not configured realm, you can enter
*
in the
realm
field, and proceed.
If an HTTP backup or restore operation requires authentication and the realm in the challenge
matches the stored realm, the stored credentials are used to respond to the challenge without
prompting the user. However, if the realms do not match, or if an authentication attempt using the
stored credentials fails, the user is then prompted to input new values for backup/restore
credentials.
If an HTTP authentication for a backup or restore operation is successful and if the user ID,
password, or realm used is different than the values currently stored in the phone, the new values
will replace the currently stored values.
Network requirements
May 2018
Installing and Administering Avaya J169/J179 IP Phone H.323
69