Transport Layer Security
Transport Layer Security (TLS) is a standard protocol for securing and authenticating communications over
the Internet. SIP over TLS encrypts the SIP messages between the service provider SIP proxy and the end
user. SIP over TLS encrypts only the signaling messages, not the media.
TLS has two layers:
• TLS Record Protocol—Layered on a reliable transport protocol, such as SIP or TCH, this layer ensures
that the connection is private through use of symmetric data encryption and it ensures that the connection
is reliable.
• TLS Handshake Protocol—Authenticates the server and client, and negotiates the encryption algorithm
and cryptographic keys before the application protocol transmits or receives data.
The Cisco IP Phone uses UDP as the standard for SIP transport, but the phone also supports SIP over TLS
for added security.
Configure SIP Over TLS Signaling Encryption
Before you begin
Access the phone administration web page. See
Access the Phone Web Page, on page 80
Procedure
Step 1
Select
Voice
>
Ext(n)
, where n is an extension number.
Step 2
In the
SIP Settings
section, select
TLS
from the
SIP Transport
drop-down list box.
Step 3
Click
Submit All Changes
.
Configure LDAP over TLS
You can configure LDAP over TLS (LDAPS) to enable secure data transmission between the server and a
specific phone.
Cisco recommends leaving the authentication method to the default value of
None
. Next to the server field
is an authentication field that uses the values
None
,
Simple
, or
DIGEST-MD5
. There is no
TLS
value for
authentication. The software determines the authentication method from the ldaps protocol in the server string.
Attention
Before you begin
Access the phone administration web page. See
Access the Phone Web Page, on page 80
Cisco IP Phone 7800 Series Multiplatform Phones Administration Guide
122
Cisco IP Phone Administration
Transport Layer Security