Operation Manual
administration.fm
A31003-C1000-M102-5-76A9, 09/2017
OpenScape Desk Phone CP200/CP205/CP400/CP600 HFA, Administration Manual
79
Administration
System Settings
3.5.11 Security
3.5.11.1 System
OpenScape Desk Phone CP phones support the following security option:
• PKI-based SPE (Signaling and Payload Encryption)
The security settings are be configured separately for the main gateway and for the fallback
gateway (standby) when using SRSR (Small Remote Site Redundancy).
The Signalling transport main/standby parameter selects the protocol to use for signalling.
TCP and TLS are avaliable.
Certificate validation main/standby shows whether the phone certificate used for encrypted
logon via TLS is checked against the certificate on the gateway (read only). For configuration
see Section 3.13.2.2, “Authentication Policy”.
Data required
• Validate SW upgrade: validates if the uploaded Phone software is compatible with the
phone.
• Signalling transport main: Protocol to use for signalling when the main gateway is in use.
Value range: "TCP", "TLS".
• Signalling transport standby: Protocol to use for signalling when the standby gateway is
in use.
Value range: "TCP", "TLS".
• Certificate validation main: Check the phone certificate against the gateway certificate
when the main gateway is in use (read only).
Value range: true, false.
• Certificate validation standby: Check the phone certificate against the gateway certifi-
cate when the main gateway is in use (read only).
Value range: true, false.
• TLS renegotiation: Check whether Server accepts TLS renegotiation.
Value range:
Insecure allowed: Server without TLS renegotiation are accepted
Secure (RFC5746): Only server with TLS renegotiation are allowed
>
For further information on deploying SPE, please refer to the manual of the Open-
Scape system in use, and to the Deployment Service Administration manual.