Introduction
At the end of this article, you should be able to set up and manage TLS/SRTP for your Yealink devices should you wish to use this service.
TLS/SRTP encryption setup
Transport Layer Security (TLS) is a security protocol designed to facilitate privacy and data security encrypting voice traffic. SRTP will prevent the media from malicious attack such as eavesdropping. In-order to subscribe to this feature, please contact our support team and request for TLS support to be enabled on your account, subscription fees apply. Once our support department has confirmed you have TLS enabled, you will be able to see your standard registration port number updated to 7061.
Login to the web interface of the Yealink handset. Choose TLS as your transport protocol and update the port number of the server host field. Click on the confirm button and the device will be registered.
Select the advanced option from the menu on the left and set RTP encryption (SRTP) as optional, as the image below shows.
The final process is to update the enabled codecs list. Select the account tab and clicking on the codec from the menu on the left. Remove G722 from the enable codecs and then click on confirm, once completed test an outbound call.
TLS troubleshooting
Should you have issues with calls failing to establish you will need to check the security settings on the handset. The most likely cause is the firmware on the device not including a full list of the trusted security certificate authorities. To resolve this issue select the security tab and then trusted certificates, update the option to accept only trusted certifications. Don't forget to confirm your changes.