Modify TLS cipher suites

You can specify which cipher suites to use for encrypting SIP messages when using TLS on the SIP lines. The CIC server uses the activated TLS cipher suites in the order in which they appear.

The following weaker cipher suites do not comply with PCI standards and no longer appear in the list for you to activate:

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_RSA_WITH_DES_EDE_CBC_SHA

• TLS_RSA_WITH_RC4_128_SHA

• TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

If you previously activated any of these weaker cipher suites, they still appear in the list as activated. Once you deactivate any of these weaker cipher suites, the cipher suite is no longer available in the list.

To modify the TLS cipher suites

1. Open the TLS Security tab of the Line Configuration dialog box.

   Note: In order to access the TLS Security tab, you just first select TLS as the transport protocol on the Transport tab.

2. Click Modify Cipher Suites.
   The TLS Cipher Suites dialog box appears.

3. Do any of the following:

   • To activate a cipher suite, select its check box.

   • To deactivate a cipher suite, deselect its check box.

   • Use the Move Up and Move Down buttons to change the order of the cipher suites.

   • Click Default to restore the default cipher suites settings.

4. Click OK.

Related topics

SIP line TLS security options

Select certificate authorities for a SIP line

Configure a SIP line