Configuring a TLS Profile

The TLS profile configuration contains the information required to run SIP over TLS.

  • Obtain the necessary certificates.
  • Confirm that the system displays the Superuser mode.
When the Oracle Communications Session Border Controller (OCSBC) negotiates TLS, it starts with the highest TLS version and works its way down until it finds a version and cipher that the other side supports.
  1. Access the tls-profile configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# tls-profile
    ORACLE(tls-profile)# 
  2. name—Enter the name of the TLS profile. Required.
  3. end-entity-certificate—Enter the name of the end-entity certificate record.
  4. trusted-ca-certificates—Enter the names of the trusted CA certificate records.
  5. cipher-list—Keep the default value, DEFAULT, or enter a list of the ciphers that you want to support. For a complete list of supported ciphers, see the Oracle Communications Session Border Controller Release Notes.
  6. verify-depth—Specify the maximum depth of the certificate chain to verify. Default: 10. Valid range: 0-10.
  7. mutual-authenticate—Define whether or not you want the OCSBC to mutually authenticate the client. Valid values: enabled | disabled. Default: disabled.
  8. tls-version—Enter the TLS version that you want to use with this TLS profile. Valid values are:
    • compatibility (default) — When the Oracle Communications Session Border Controller negotiates TLS, it starts with the highest TLS version and works its way down until it finds a version and cipher that the other side supports.
    • tlsv1
    • tlsv11
    • tlsv12

    Note:

    The sslmin option in security-config specifies the lowest TLS version allowed when tls-version is set to compatibility. By default, compatibility mode excludes TLS 1.0 unless sslmin is set to tlsv10.
  9. Type done to save your configuration.
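
The following Python sketch is an added example, not Oracle code. It checks a profile against the valid values listed in the steps above and models the compatibility-mode walk-down as this page describes it. The one-pair-per-line input layout, the sample names, and the function names are assumptions; only the sslmin value tlsv10 named in the Note is modeled.

```python
# Added example: audit a tls-profile against the values documented on this page.
ORDER = ["tlsv12", "tlsv11", "tlsv1"]          # highest to lowest
DEFAULTS = {"cipher-list": "DEFAULT", "verify-depth": "10",
            "mutual-authenticate": "disabled", "tls-version": "compatibility"}

def parse_profile(text):
    """Parse 'parameter value' lines; this layout is constructed for the example."""
    profile = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            profile[parts[0]] = parts[1].strip()
    return profile

def allowed_versions(tls_version, sslmin=None):
    """Versions the profile can negotiate, highest first."""
    if tls_version != "compatibility":
        return [tls_version] if tls_version in ORDER else []
    # Compatibility mode excludes TLS 1.0 unless sslmin is set to tlsv10.
    return list(ORDER) if sslmin == "tlsv10" else ORDER[:-1]

def negotiate(tls_version, peer_versions, sslmin=None):
    """Walk down from the highest allowed version to the first the peer supports."""
    for version in allowed_versions(tls_version, sslmin):
        if version in peer_versions:
            return version
    return None

def audit(profile, sslmin=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not profile.get("name"):
        findings.append("name is required")
    depth = profile["verify-depth"]
    if not (depth.isdecimal() and 0 <= int(depth) <= 10):
        findings.append("verify-depth must be in the range 0-10")
    if profile["mutual-authenticate"] not in ("enabled", "disabled"):
        findings.append("mutual-authenticate must be enabled or disabled")
    version = profile["tls-version"]
    if version != "compatibility" and version not in ORDER:
        findings.append("tls-version is not a valid value")
    elif "tlsv1" in allowed_versions(version, sslmin):
        findings.append("TLS 1.0 can be negotiated")
    return findings

SAMPLE = """name sip-core-tls
end-entity-certificate sbc-cert
trusted-ca-certificates root-ca
tls-version compatibility"""   # constructed values, not from a real system
```

With the sample profile, audit() returns no findings by default and flags TLS 1.0 only when sslmin is passed as tlsv10.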