Certificates and Transport Layer Security (TLS)

Last Updated : Apr 20, 2022 |

Certificates are used by TLS in a number of ways:

Exchanging the keys used for the symmetric encryption at the beginning of the session.
Verifying the identity of the TLS server.
Verifying the identity of the TLS client.

Due to the way TLS works, the server must always have a certificate else the TLS session cannot start, and that certificate is always presented to the client. In order to obtain the client's certificate, the server must explicitly request it.

Typically the identity verification of both client and server is configurable, along with the exact set of checks carried out on the received certificate(s). Without such checks TLS can be susceptible to man-in-the-middle attacks.

The IP Office platform supports TLS v1.0, v1.1 and v1.2. All TLS interfaces start with TLS v1.2 but can allow negotiation down to v1.1 or v1.0 for compatibility. There are IP Office, Voicemail Pro, IP Office Web Manager and Avaya one-X® Portal for IP Office admin settings for 'Minimum TLS version' that enforce v1.2.

Note that some Avaya clients do not support v1.2 at present. See IP Office VoIP Endpoint Security.

Send Feedback

AVAYA DOCUMENTATION CENTER

No results found

AVAYA DOCUMENTATION CENTER

No results found

IP Office Security Guidelines

Certificates and Transport Layer Security (TLS)