H.323/SIP Cipher Level Settings
The H.323 Security Level and SIP Security Level settings have been added to the certificate security settings. These control the minimum accepted cipher strength for H.323/SIP phone and trunk connections. They replace the previous NUSN options added for IP Office R11.1.2.x systems.
Enhanced Certificate Checks
The following enhancements have been made to received certificate checks performed by the IP Office:
The Medium and High certificate check levels now include the following additional checks:
Check that the certificate has a key usage defined.
If the certificate has extended key usage settings, check they match the purpose for which the certificate is being used.
Check that the certificate does not include any unknown critical extension.
Note: For systems upgraded to R11.1.3, these additional checks are not used unless the existing Enhanced Certificate Checks setting is changed.
The certificate checks can now include hostname validation and verification that the certificate source is authoritative for the SIP domain (RFC 5922). This is done by changing the Medium and High certificate checks options to Medium + Remote Checks and High + Remote Checks respectively.
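The RFC 5922 domain check mentioned above, as an added example (not Avaya's implementation and not part of the original release notes): it extracts the SIP domain identities from a certificate's subjectAltName following RFC 5922 sections 7.1 and 7.2 and compares them with the expected SIP domain. The (type, value) SAN pairs, the function names and the sample domains are assumptions made for illustration.

```python
# Added example: SIP domain identity matching per RFC 5922 sections 7.1-7.2.
# Not Avaya code. The (type, value) SAN pairs stand in for an already parsed
# certificate, and all names below are constructed for illustration.

def _sip_host(uri):
    """Return the host of a sip: URI that has no user part, else None."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "sip":
        return None                       # only the "sip" scheme is accepted
    rest = rest.split(";", 1)[0].split("?", 1)[0]   # drop URI params/headers
    if "@" in rest or rest.startswith("["):
        return None                       # user identity or IPv6 literal
    return rest.split(":", 1)[0]          # drop an optional port


def sip_domain_identities(san, common_name=None):
    """Collect the SIP domain identities a certificate asserts."""
    if not san:                           # CN is consulted only without a SAN
        return [common_name] if common_name else []
    from_uri = [h for t, v in san if t == "URI" and (h := _sip_host(v))]
    if from_uri:
        return from_uri                   # DNS entries ignored once sip URIs exist
    return [v for t, v in san if t == "DNS"]


def authoritative_for(domain, san, common_name=None):
    """Case-insensitive match on the whole name; wildcards never expand."""
    want = domain.lower()
    return any(name.lower() == want
               for name in sip_domain_identities(san, common_name))


if __name__ == "__main__":
    samples = [                           # constructed SAN contents
        ("example.com", [("URI", "sip:example.com"), ("DNS", "pbx.example.net")]),
        ("example.com", [("URI", "sip:alice@example.com")]),
        ("sip.example.com", [("DNS", "*.example.com")]),
    ]
    for domain, san in samples:
        print(domain, san, "->", authoritative_for(domain, san))
```

A certificate whose only SAN entry is a wildcard DNS name, or a sip URI with a user part, is not treated as authoritative for the domain under these rules, which is a common reason a trunk that connected under the plain Medium or High level is rejected once remote checks are enabled.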
SIP Trunk Server Name Indication (SNI) Support
For SIP trunks, two new SLIC entries (SLIC_ADD_SIP_SAN and SLIC_ADD_SAN) can be used to add the IP Office ITSP Domain Name or ITSP Proxy Address as an SNI value where required by the ITSP during the initial TLS connection.