Plantronics + Polycom. Now together as Poly Logo

VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

SOLVED
Highlighted
Frequent Advisor

VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Hi,

 

we run a number of VVX600 hard sents with firmware 5.5.2.8571

 

are part of the PCI complance for our credit card terminal we were asked to disbale SSL 3.0 & TLS 1.0 protocols on our public facing IIS servers (which included S4B Edge Server)

 

i disabled the following Protocols  as i beleive they are all insecure:

 

PCT 1.0

SSL 2.0

SSL 3.0

TLS 1.0

 

after this the VVX handsets would not sign in.

 

(1) which of the above list are required for VVX handsets to comunicate with the Edge Server?

 

(2) can TLS 1.1 or 1.2 be used instead?

 

thanks

 

jack

 

 

Message 1 of 9
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Polycom Employee & Community Manager

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Hello Jack,

The best way to check the defaults of Parameters is to follow this FAQ post:

 

Jan 14, 2015 Question:Finding the default values for configuration parameters for Polycom Phones?

Resolution: Please check => here <=

 

If some are missing in the Admin Guide I can open internally a Doc Bug.

 

In case of Syslog the correct Parameter is:

 

device.sec.TLS.protocol.syslog

as with all the device parameters you need:

 

device.set="1" device.sec.TLS.protocol.syslog.set="1" device.sec.TLS.protocol.syslog=""

Obviously you need to fill device.sec.TLS.protocol.syslog with the right supported protocol.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 9 of 9
8 REPLIES 8
Highlighted
Polycom Employee & Community Manager

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Hello Jack,

 

this community can only work if you follow up your old posts.

 

Did you get Consumer Skype working as mentioned => here <=

 

Yes or No ?

 

The above is just an example post as there are many more => here <=

 

For your new Question this would be a Microsoft question as the Edge Server is their product so I would ask in one of their community's or open a support ticket with them.

 

You can always come back here and follow this up for others to learn.

 

Best Regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 9
Highlighted
Frequent Advisor

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

i only updated the handsets today for all the employees so we are waiting for our Turkish office to do some test calls

Message 3 of 9
Highlighted
Frequent Advisor

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Steffen,

 

as you can see from the attached screenshot - there is no TLS 1.1 or 1.2 option for Provisioning or Web Services.

 

is there a way to enable this?

 

thanks

 

jack

 

Highlighted
Polycom Employee & Community Manager

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Hello Jack,

Future version will add security enhancement and the retiring of certain TLS versions etc.

 

I am unable to talk about this in public so I can only advise you to check with your Polycom reseller and/or get in touch with a Polycom sales engineer so you can access maybe our Beta Program.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 5 of 9
Highlighted
Frequent Advisor

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Steffen

 

i have contacted our reseller Rocom to open a support case

 

Jack

 

PS. i am not seeing anywhere to mark ACCEPT AS SOLUTION

Message 6 of 9
Highlighted
Polycom Employee & Community Manager

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Can you not see

 

Accept.PNG

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 7 of 9
Highlighted
Frequent Advisor

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Steffen,

 

i cannot see in the documentation the following configurations which i can see in the uploaded confuguration file:

 

sec.TLS.protocol.ldap="TLSv1_2"
sec.TLS.protocol.sip="TLSv1_2"
sec.TLS.protocol.webServer="TLSv1_2"
sec.TLS.protocol.xmpp="TLSv1_2" -->

 i belive this is Presence??

 

as per the attached picture i have set the following to TLS 1.2:

 

Syslog

SIP

Presence

LDAP

Web Server

 

so it appears that Syslog is missing from the above confgiration paramters.

 

will they work if i add them to by CFG file to update all handsets?

 

thanks

 

jack

 

 

Highlighted
Polycom Employee & Community Manager

Re: VVX600 Edge Server - SCHANEL Protocols required on IIS? PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0

Hello Jack,

The best way to check the defaults of Parameters is to follow this FAQ post:

 

Jan 14, 2015 Question:Finding the default values for configuration parameters for Polycom Phones?

Resolution: Please check => here <=

 

If some are missing in the Admin Guide I can open internally a Doc Bug.

 

In case of Syslog the correct Parameter is:

 

device.sec.TLS.protocol.syslog

as with all the device parameters you need:

 

device.set="1" device.sec.TLS.protocol.syslog.set="1" device.sec.TLS.protocol.syslog=""

Obviously you need to fill device.sec.TLS.protocol.syslog with the right supported protocol.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 9 of 9