TLS Platform Profile and Application Profile Parameters

By default, all Polycom-installed profiles are associated with the default cipher suite and use trusted and widely recognized CA certificates for authentication.

The following table shows parameters for TLS Platform Profile 1. To configure TLS Platform Profile 2, use a 2 at the end of the parameter instead of a 1. For example, set device.sec.TLS.profile.caCertList2 instead of .caCertList1 .

You can use the parameters in the following table to configure the following TLS Profile feature options:
  • Change the cipher suite, CA certificates, and device certificates for the two platform profiles and the six application profiles.
  • Map profiles directly to the features that use certificates.
Table 1. TLS Platform Profile and Application Profile Parameters

Template

Parameter

Permitted Values

Change Causes Restart or Reboot

device.cfg, site.cfg

device.sec.TLS.customCaCert1

Specify a custom certificate.

Null (default)

String (maximum of 12288 characters)

No

device.cfg, site.cfg

device.sec.TLS.profile.caCertList1

Specify which CA certificates to use.

Null (default)

String (maximum of 1024 characters)

No

device.cfg, site.cfg

device.sec.TLS.profile.cipherSuite1

Specify the cipher suite.

Null (default)

String (maximum of 1024 characters)

No

device.cfg, site.cfg

device.sec.TLS.profile.cipherSuiteDefault1

Null (default)

0 - Use the custom cipher suite.

1 - Use the default cipher suite.

No

device.cfg, site.cfg

device.sec.TLS.profile.deviceCert1

Specify which device certificates to use.

Builtin (default)

Builtin, Platform1, Platform2

No

site.cfg

sec.TLS.cipherList

Specifies the cipher list for all applications except web server.

ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!MD5:!RC4:@STRENGTH (default)

String (maximum of 1024 characters)

No

site.cfg

sec.TLS.customCaCert.x

The custom certificate for TLS Application Profile x (x= 1 to 6).

Null (default)

String

No

site.cfg

sec.TLS.customDeviceKey.x

The custom device certificate private key for TLS Application Profile x (x= 1 to 6).

Null (default)

String

No

site.cfg

sec.TLS.exchangeServices.cipherList

Specifies the cipher list for Exchange services profile.

(default) ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!MD5:!RC4:@STRENGTH

String (maximum of 1024 characters)

The format for the cipher list uses OpenSSL syntax found at

https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

No

site.cfg

sec.TLS.profile.exchangeServices.cipherSuiteDefault

1 (default) - Use the default cipher suite of Exchange services for the TLS Application Profile.

0 - Use the custom cipher suite of Exchange services for the TLS Application Profile.

No

site.cfg

sec.TLS.profile.x.caCert.application1

1 (default) - Enable a CA Certificate for TLS Application Profile 1.

0 - Disable a CA Certificate for TLS Application Profile 1.

No

site.cfg

sec.TLS.profile.x.caCert.application2

1 (default) - Enable a CA Certificate for TLS Application Profile 2.

0 - Disable a CA Certificate for TLS Application Profile 2.

No

site.cfg

sec.TLS.profile.x.caCert.application3

1 (default) - Enable a CA Certificate for TLS Application Profile 3.

0 - Disable a CA Certificate for TLS Application Profile 3.

No

site.cfg

sec.TLS.profile.x.caCert.application4

1 (default) - Enable a CA Certificate for TLS Application Profile 4.

0 - Disable a CA Certificate for TLS Application Profile 4.

No

site.cfg

sec.TLS.profile.x.caCert.application5

1 (default) - Enable a CA Certificate for TLS Application Profile 5.

0 - Disable a CA Certificate for TLS Application Profile 5.

No

site.cfg

sec.TLS.profile.x.caCert.application6

1 (default) - Enable a CA Certificate for TLS Application Profile 6.

0 - Disable a CA Certificate for TLS Application Profile 6.

No

site.cfg

sec.TLS.profile.x.caCert.application7

1 (default) - Enable a CA Certificate for TLS Application Profile 7.

0 - Disable a CA Certificate for TLS Application Profile 7.

No

site.cfg

sec.TLS.profile.x.caCert.defaultList

Specifies the list of default CA Certificate for TLS Application Profile x (x=1 to 7).

Null (default)

String

No

site.cfg

sec.TLS.profile.x.caCert.platform1

1 (default) - Enable a CA Certificate for TLS Platform Profile 1.

0 - Disable a CA Certificate for TLS Platform Profile 1.

No

site.cfg

sec.TLS.profile.x.caCert.platform2

1 (default) - Enable a CA Certificate for TLS Platform Profile 2.

0 - Disable a CA Certificate for TLS Platform Profile 2.

No

site.cfg

sec.TLS.profile.x.cipherSuite

Specifies the cipher suite for TLS Application Profile x (x=1 to 8).

Null (default)

String

No

site.cfg

sec.TLS.profile.x.cipherSuiteDefault

1 (default) - Use the default cipher suite for TLS Application Profile x (x= 1 to 8).

0 - Use the custom cipher suite for TLS Application Profile x (x= 1 to 8).

No

site.cfg

sec.TLS.profile.x.deviceCert

Specifies the device certificate to use for TLS Application Profile x (x = 1 to 7).

Polycom (default)

Platform1, Platform2, Application1, Application2, Application3, Application4, Application5, Application6,Application7

No

site.cfg

sec.TLS.webServer.cipherList

Specify the cipher list for web server.

ALL:!aNULL:!eNULL:!DSS:!SEED:!ECDSA:!IDEA:!MEDIUM:!LOW:!EXP:!DH:!AECDH:!PSK:!SRP:!AES256-SHA:!AES128-SHA:!MD5:!RC4:@STRENGTH (default)

String (maximum of 1024 characters)

No