Security features, Transport layer security (tls) support – Aastra Telecom 53I User Manual


Security Features


RN-001029-00, Rev 03, Release 2.1

IP Phone Release Notes 2.1


Transport Layer Security (TLS) Support

The phones now support a new transport protocol called Transport Layer
Security (TLS) and Persistent TLS. TLS is a protocol that ensures
communication privacy between the SIP phones and the Internet. TLS ensures
that no third party can eavesdrop on or tamper with any message.

TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake
Protocol. The TLS Record Protocol provides connection security with some
encryption method such as the Data Encryption Standard (DES). The TLS
Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is
exchanged. TLS requires the use of specific security certificate files to perform
the TLS handshake:

Root and Intermediate Certificates

Local Certificate

Private Key

Trusted Certificate
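
A pre-deployment check for the certificate files listed above, as an added example that is not part of the release notes. It uses the OpenSSL command line (assumed to be installed) to build a constructed root, intermediate and local certificate, then confirms that the private key belongs to the local certificate and that the local certificate chains to the root. All file names and subject names are constructed for the demo.

```sh
#!/bin/sh
# Added example: all file names and subjects are constructed for the demo.

# Build a throwaway root CA, intermediate CA and phone ("local") cert in $1.
make_demo_pki() {
  pki=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$pki/ca.ext"
  for name in root int local; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
      -keyout "$pki/$name.key" -out "$pki/$name.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$pki/root.csr" -signkey "$pki/root.key" -days 1 \
    -extfile "$pki/ca.ext" -out "$pki/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$pki/int.csr" -CA "$pki/root.pem" \
    -CAkey "$pki/root.key" -CAcreateserial -days 1 \
    -extfile "$pki/ca.ext" -out "$pki/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$pki/local.csr" -CA "$pki/int.pem" \
    -CAkey "$pki/int.key" -CAcreateserial -days 1 \
    -out "$pki/local.pem" 2>/dev/null
}

# The Private Key must belong to the Local Certificate: compare public keys.
key_matches_cert() {  # $1 = local certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The Local Certificate must chain through the intermediate to the root.
chain_verifies() {  # $1 = root, $2 = intermediate(s), $3 = local certificate
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || echo "openssl failed to build the demo PKI"
key_matches_cert "$demo_dir/local.pem" "$demo_dir/local.key" \
  && echo "private key matches local certificate"
chain_verifies "$demo_dir/root.pem" "$demo_dir/int.pem" "$demo_dir/local.pem" \
  && echo "local certificate chains to root"
```

To check real files, call `key_matches_cert` and `chain_verifies` with the paths of the PEM files that will be loaded onto the phone instead of the demo paths.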

When the phones use TLS to authenticate with the server, each individual call
must set up a new TLS connection. This can take more time when placing each
call. Thus, the IP phones also have a feature that allows you to set up the
connection to the server once and re-use that one connection for all calls from the
phone. It is called Persistent TLS. The connection for Persistent TLS is
established during the registration of the phone. If the phones are set to use
Persistent TLS, and a call is made from the phone, this call and all subsequent
calls use the same authenticated connection. This significantly reduces the delay
time when placing a call.
