On 01/02/12 10:58, Stuart Elvish wrote: > Thanks for the clarification. I have looked at Polycom's website and > saw which phones have the latest firmware (or at least a firmware that > supports TLS) available. > > Didn't get around to the testing with the chained certificate but will > try again this evening. > >
One thing that frustrates people about Polycom is the very limited list of root CAs they support - it was probably OK when they first started doing SSL, but things have changed a lot now The latest phones (e.g. IP321) have more memory than those they replace (e.g. IP320) and so they should be able to handle a larger list of built in root CAs (which Polycom can distribute through the firmware update). The obvious ones that are missing are the budget CAs: - CaCert.org (all certs are free) - startssl.com (which has some free certs) - GoDaddy These budget CAs are now supported by the various Linux distributions and Android phones, so they are clearly above a certain threshold of stability Polycom phones should also be able to handle 4096 bit certs with the extra memory, but that appears to need remediation in the firmware (I tried installing a custom 4096 bit cert and it didn't accept it) If anyone is registered with Polycom as a reseller, they can quote these issue numbers: EXT-3192 GoDaddy root CA cert https://jira.polycom.com:8443/browse/EXT-3192 EXT-3193 CACert root CA cert https://jira.polycom.com:8443/browse/EXT-3193 EXT-3238 Support for 4096 bit keys https://jira.polycom.com:8443/browse/EXT-3238 As in most commercial enterprises, the more customers who request fixes on these issues, the higher it will go on their priority list -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
