Configuring a TLS Profile

The TLS profile configuration contains the information required to run SIP over TLS.

• Obtain the necessary certificates.
• Confirm that the system displays the Superuser mode.

When the Oracle® Enterprise Session Border Controller (E-SBC) negotiates with TLS, it starts with the highest TLS version and works its way down until it finds a compatible version and cipher that works for the other side.

1. Access the tls-profile configuration element.

   ORACLE# configure terminal
   ORACLE(configure)# security
   ORACLE(security)# tls-profile
   ORACLE(tls-profile)# 

2. name—Enter the name of the TLS profile. Required.
3. end-entity-certificate—Enter the name of the entity certification record.
4. trusted-ca-certificates—Enter the names of the trusted CA certificate records.
5. cipher-list—Use either the default all, or enter a list of ciphers that you want to support.
6. verify-depth—Specify the maximum depth of the certificate chain to verify. Default: 10. Valid range: 0-10.
7. mutual-authenticate—Define whether or not you want the E-SBC to mutually authenticate the client. Valid values: enabled | disabled. Default: disabled.
8. tls-version—Enter the TLS version that you want to use with this TLS profile. Valid values are:
   • compatibility (default) — When the Oracle Communications Session Border Controller negotiates on TLS, it starts with the highest TLS version and works its way down until it finds a compatible version and cipher that works for the other side.
   • tlsv1
   • tlsv11
   • tlsv12
   • SSLv3

   Note:

   The security-config > sslmin option works in conjunction with the tls-profile's tls-version parameter when it is set to compatibility. For profiles that negotiate to compatible versions, the sslmin option specifies the lowest TLS version allowed.
9. Type done to save your configuration.