That may be the case but the facts are that there has been changes to TLS in the last two years. My previous posts cover this. The SPA112 doesn’t have current and proper CAs, might be missing algorithms or ciphers that are being used now. There would need to be a firmware update to support these changes.
As for setting up the SPA112, you set it up just like you would if it was UDP but you set the SIP Transport to TLS and use the TLS port the PBX is listening on in the Proxy field so ipaddress:5061 for example. The TLS cert should be installed and used at the PBX, the phone shouldn’t need anything in that regards.