User`s manual

ManualsBrandsAudioCodes ManualsComputer equipmentMediant 600

311

312

313

314

315

316

317

318

319

320

SIP User's Manual 314 Document #: LTRT-83303

Mediant 1000 & Mediant 600

4.4.4 Security Parameters

Table 4-4: Security Parameters

ini File Parameter Description

EnableMediaSecurity

For a description of this parameter, refer to ''Configuring the General

Security Settings'' on page 123.

MediaSecurityBehaviou

For a description of this parameter, refer to ''Configuring the General

Security Settings'' on page 123.

EnableSIPS

For a description of this parameter, refer to ''General Parameters'' on page

166.

TLSVersion

For a description of this parameter, refer to ''Configuring the General

Security Settings'' on page 123.

TLSLocalSIPPort

For a description of this parameter, refer to ''General Parameters'' on page

166.

TLSReHandshakeInterv

Defines the time interval (in minutes) between TLS Re-Handshakes

initiated by the device.

The interval range is 0 to 1,500 minutes. The default is 0 (i.e., no TLS Re-

Handshake).

PeerHostNameVerificati

onMode

Determines whether the device verifies the Subject Name of a remote

certificate when establishing TLS connections.

 [0] = Disable (default).

 [1] = Verify Subject Name only when acting as a server for the TLS

connection.

 [2] = Verify Subject Name when acting as a server or client for the TLS

connection.

When a remote certificate is received and this parameter is not disabled,

the SubjectAltName value is compared with the list of available Proxies. If a

match is found for any of the configured Proxies, the TLS connection is

established.

The comparison is performed if the SubjectAltName is either a DNS name

(DNSName) or an IP address. If no match is found and the

SubjectAltName is marked as ‘critical’, the TLS connection is not

established.

If the SubjectAltName is not marked as ‘critical’ and there is no match, the

CN value of the SubjectName field is compared with the parameter

TLSRemoteSubjectName. If a match is found, the connection is

established. Otherwise, the connection is terminated.

VerifyServerCertificate

Determines whether the device, when acting as client for TLS connections,

verifies the Server certificate. The certificate is verified with the Root CA

information.

 [0] = Disable (default).

 [1] = Enable.

Note: If Subject Name verification is necessary, the parameter

PeerHostNameVerificationMode must be used as well.

OCSPEnable

Enables or disables certificate checking using Online Certificate Status

Protocol (OCSP).

 [0] = Disable (default).

 [1] = Enable.