Reply
Highlighted
Valued Contributor
Posts: 175
0

VVX TLS 1.2 support - Broadsoft R20sp1

Hi guys

 

I recently patched our Broadsoft platform which is running 20sp1 and noticed that the phones then stopped working with DMS.  At looking at the phone logs it appears to be due to the use of TLS v1.2 which was added via a container option on the XSP's.  The phone logs stated:

 

0313062601|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
0313062601|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
0313062602|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
0313062602|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
0313062603|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
0313062603|copy |4|00|SSL_connect error SSL connect error.error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

This happens for both 5.5.1 and 5.4.3 - I have not tried other versions of software load.

 

Is TLS 1.2 supported on Polycom phones?  Is someone able to comment if they have had this before and if they managed to overcome it?  Ideally I dont want to start splitting up applications on our XSP's but it seems as though I may have to...

 

Cheers

 

Dave

Polycom Employee & Community Manager
Posts: 12,535
0

Re: VVX TLS 1.2 support - Broadsoft R20sp1

Hello Dave,

welcome back to the Polycom Community.

Can we get this into support?

 

Can you try and from Web interface Settings > Network > TLS  -- verify SSLV2/V3 enabled as shown in below image.

SSL.PNG

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Valued Contributor
Posts: 175
0

Re: VVX TLS 1.2 support - Broadsoft R20sp1

Hi Steffen

 

I have already tried the steps you have detailed but still no joy....

 

I have managed to engage Broadsoft on this and have managed to find a fix.....

 

The issue was seen due to running the Broadsoft UC-One application for the IOS clients.  As the clients also connect via DMS via the XSP's the container option needed to be changed as per:

 

http://xchange.broadsoft.com/php/xchange/node/492496

 

With the TLS version changed to v1.2 on the XSP as a whole the DMS application was unable to communicate to the Polycom devices which seem to only be able to handle TLS v1??  The container option was then changed to:

 

platform            bw.apache.sslenabledprotocols                                                     -ALL +TLSv1 +TLSv1.2

This allows both v1 and v1.2 to be allowed on the XSP, which in turn also appears to allow the Polycom devices to communicte effectively.

 

Again I'm not sure if Polycom supports v1.2 TLS??

 

Cheers

 

Dave

 

 

Polycom Employee & Community Manager
Posts: 12,535
0

Re: VVX TLS 1.2 support - Broadsoft R20sp1

Hello Dave,

Newer Software should support natively but try the below:

 

<test device.set="1" 
	device.sec.TLS.profile.cipherSuiteDefault1.set="1" 
	device.sec.TLS.profile.cipherSuiteDefault1="0" 
	device.sec.TLS.profile.cipherSuite1.set="1"
	device.sec.TLS.profile.cipherSuite1="ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"/>

If this fails open a ticket.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.