Skip to main content
Chat with Biamp tech support
Biamp Cornerstone

Supported Certificates for Tesira VoIP endpoints

  1. Last updated
  2. Save as PDF

Wrench_Bld.png

 

This article covers which SSL Certificates are supported by Biamp VoIP capable hardware. This information is frequently requsted by VoIP vendors when configuring Biamp VoIP endpoints.

 

TesiraFORTE VI, TesiraFORTE VT, and Tesira SVC-2

As of Tesira Firmware v4.2.0, these FORTÉs support and accept some wild card certificates.

  • All certificates, including Wildcard, are accepted by default when TLS is enabled.
  • Supported AES-256 ciphers:
    •   AES_256_ECB
    •   AES_256_CBC
    •   AES_256_CFB128
    •   AES_256_CTR
    •   AES_256_GCM
    •   AES_256_CCM
  • These FORTÉs support TLS 1.0 and 1.2

 

FORTÉ X

Interface: VoIP X uses Linphone for its VoIP interface, 

Cipher suites: Linphone uses OpenSSL. Biamp uses the default ciphers string:

‘HIGH:!SSLv2:!SSLv3:!TLSv1:!EXP:!ADH:!RC4:!3DES:!aNULL:!eNULL’

Wild cards: Biamp firmware does not explicitly forbid wild card certificates, making them acceptable as well.

For OpenSSL on a ForteX and Devio SCX , this resolves to the following list.

  • 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=ECDH       Au=RSA   Enc=AESGCM(256) Mac=AEAD
  • 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AESGCM(256) Mac=AEAD
  • 0xC0,0x28 - ECDHE-RSA-AES256-SHA384          TLSv1.2 Kx=ECDH       Au=RSA   Enc=AES(256)    Mac=SHA384
  • 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384        TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AES(256)    Mac=SHA384
  • 0x00,0xA5 - DH-DSS-AES256-GCM-SHA384         TLSv1.2 Kx=DH/DSS     Au=DH    Enc=AESGCM(256) Mac=AEAD
  • 0x00,0xA3 - DHE-DSS-AES256-GCM-SHA384        TLSv1.2 Kx=DH         Au=DSS   Enc=AESGCM(256) Mac=AEAD
  • 0x00,0xA1 - DH-RSA-AES256-GCM-SHA384         TLSv1.2 Kx=DH/RSA     Au=DH    Enc=AESGCM(256) Mac=AEAD
  • 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384        TLSv1.2 Kx=DH         Au=RSA   Enc=AESGCM(256) Mac=AEAD
  • 0x00,0x6B - DHE-RSA-AES256-SHA256            TLSv1.2 Kx=DH         Au=RSA   Enc=AES(256)    Mac=SHA256
  • 0x00,0x6A - DHE-DSS-AES256-SHA256            TLSv1.2 Kx=DH         Au=DSS   Enc=AES(256)    Mac=SHA256
  • 0x00,0x69 - DH-RSA-AES256-SHA256             TLSv1.2 Kx=DH/RSA     Au=DH    Enc=AES(256)    Mac=SHA256
  • 0x00,0x68 - DH-DSS-AES256-SHA256             TLSv1.2 Kx=DH/DSS     Au=DH    Enc=AES(256)    Mac=SHA256
  • 0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384       TLSv1.2 Kx=ECDH/RSA   Au=ECDH  Enc=AESGCM(256) Mac=AEAD
  • 0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384     TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AESGCM(256) Mac=AEAD
  • 0xC0,0x2A - ECDH-RSA-AES256-SHA384           TLSv1.2 Kx=ECDH/RSA   Au=ECDH  Enc=AES(256)    Mac=SHA384
  • 0xC0,0x26 - ECDH-ECDSA-AES256-SHA384         TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AES(256)    Mac=SHA384
  • 0x00,0x9D - AES256-GCM-SHA384                TLSv1.2 Kx=RSA        Au=RSA   Enc=AESGCM(256) Mac=AEAD
  • 0x00,0x3D - AES256-SHA256                    TLSv1.2 Kx=RSA        Au=RSA   Enc=AES(256)    Mac=SHA256
  • 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=ECDH       Au=RSA   Enc=AESGCM(128) Mac=AEAD
  • 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AESGCM(128) Mac=AEAD
  • 0xC0,0x27 - ECDHE-RSA-AES128-SHA256          TLSv1.2 Kx=ECDH       Au=RSA   Enc=AES(128)    Mac=SHA256
  • 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256        TLSv1.2 Kx=ECDH       Au=ECDSA Enc=AES(128)    Mac=SHA256
  • 0x00,0xA4 - DH-DSS-AES128-GCM-SHA256         TLSv1.2 Kx=DH/DSS     Au=DH    Enc=AESGCM(128) Mac=AEAD
  • 0x00,0xA2 - DHE-DSS-AES128-GCM-SHA256        TLSv1.2 Kx=DH         Au=DSS   Enc=AESGCM(128) Mac=AEAD
  • 0x00,0xA0 - DH-RSA-AES128-GCM-SHA256         TLSv1.2 Kx=DH/RSA     Au=DH    Enc=AESGCM(128) Mac=AEAD
  • 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256        TLSv1.2 Kx=DH         Au=RSA   Enc=AESGCM(128) Mac=AEAD
  • 0x00,0x67 - DHE-RSA-AES128-SHA256            TLSv1.2 Kx=DH         Au=RSA   Enc=AES(128)    Mac=SHA256
  • 0x00,0x40 - DHE-DSS-AES128-SHA256            TLSv1.2 Kx=DH         Au=DSS   Enc=AES(128)    Mac=SHA256
  • 0x00,0x3F - DH-RSA-AES128-SHA256             TLSv1.2 Kx=DH/RSA     Au=DH    Enc=AES(128)    Mac=SHA256
  • 0x00,0x3E - DH-DSS-AES128-SHA256             TLSv1.2 Kx=DH/DSS     Au=DH    Enc=AES(128)    Mac=SHA256
  • 0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256       TLSv1.2 Kx=ECDH/RSA   Au=ECDH  Enc=AESGCM(128) Mac=AEAD
  • 0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256     TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AESGCM(128) Mac=AEAD
  • 0xC0,0x29 - ECDH-RSA-AES128-SHA256           TLSv1.2 Kx=ECDH/RSA   Au=ECDH  Enc=AES(128)    Mac=SHA256
  • 0xC0,0x25 - ECDH-ECDSA-AES128-SHA256         TLSv1.2 Kx=ECDH/ECDSA Au=ECDH  Enc=AES(128)    Mac=SHA256
  • 0x00,0x9C - AES128-GCM-SHA256                TLSv1.2 Kx=RSA        Au=RSA   Enc=AESGCM(128) Mac=AEAD
  •  0x00,0x3C - AES128-SHA256                    TLSv1.2 Kx=RSA        Au=RSA   Enc=AES(128)    Mac=SHA256
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Stage
    Final
  2. Tags
    1. Simple Solutions
    2. wildcard