OK, people really need to pay attention to things.
End of SW Maintenance Releases Date:
HW The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. June 1, 2020
Last Date of Support:
HW The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. May 31, 2025
So unless you have some sort of extended warranty on this device until 2025 or a support contract with Cisco, you ain’t getting jack until 2025.
So would just using UDP at this point. TLS1.0 offers you no real security outside of feeling like things are secure. Security isn’t about just giving you good feels, it is about actual security.
This has been an exercise in sunken costs. You bought a Cisco SPA112 that you wanted to use TLS with, it doesn’t support current TLS standards so instead of spending another $50 on an HT802 (like suggested) you spent days trying to make this SPA112 work because basically you had it. So yeah, in the end you have TLS in the loosest sense that offers you no real security because it can be exploited.
Im exhuasted reading this. wasted time I cant get back. So pointless. I use SPA112’s all the time ON THE LOCAL LAN. Works great, but over the interwebs… HT802 is my go to for this very reason. So much wasted time here on all accounts.
Browsers need to have a local copy of the certificate, or more likely, a certificate in the chain of signing certificates (and in the latter case, the server has to send any certificates between its certificate and the signing one. Without that certificates become an over complicated way of exchanging keys with an unknown party.
Right and my current model Yealinks and Ploys have those just like current browsers do. I have yet to have to load CAs into phones when using public certs.
Yeah, one of the reasons I don’t use LE is because they are behind the curve with things like this. I mean I got nothing against LE but I found that spending $6/cert for things generally solves problems not to mention I put certs on things that just can’t update every 3 months with certbot.
Just an exercise of configuring security for my hobby voip network. I have my raspbx abroad and I use it sometimes to call home. Security isn’t of the highest importance here but it was a ‘nice to have’ feature and I liked to spend time configuring it because I learned some stuff along the way.
Basically I need the SPA only to configure an extension using a rotary phone, I already have Zoiper running on Android as well as a fixed Grandstream 1625 which have no issues running TLSv1.2 via Let’sEncrypt.
Created a self-signed RootCA and used it to sign a server certificate. I pointed the SPA to this certificate and it registered immediately. Now I use it with all extensions and don’t have any issues so far.
I thought it was clear in my last post, I’ve created my own certificates and now everything is set up with the appropriate level of security. This post can be closed.
A) Self Signed Certs are largely a waste of time outside a local network
B) Legacy devices should either have fully acceptable certs installed for general acceptability. or none if they are local because in that case TLS itself is a waste of time.