/mcpDescription Setting From the drop-down list, choose one of the following options: • Non Secure—No security features except image, file, and device authentication exist for the phone. A TCP connection opens to Unified Communications Manager. • Authenticated—Unified Communications Manager provides integrity and authentication for the phone. A TLS connection that uses NULL/SHA opens for signaling. • Encrypted—Unified Communications Manager provides integrity, authentication, and signalling encryption for the trunk. The following are the supported ciphers: TLS Ciphers This parameter defines the ciphers that are supported by the Unified Communications Manager for establishing SIP TLS and inbound CTI Manager TLS connections. Strongest- AES-256 SHA-384 only: RSA Preferred • TLS_ECDHE_RSA with AES256_GCM_SHA384 • TLS_ECDHE_RSA with AES256_GCM_SHA384 Note It is recommended that the value of the parameter 'SRTP Ciphers' be set to the value 'Strongest - AEAD AES-256 GCM cipher only'. With this option chosen, the phones will not register on authenticated mode. Strongest- AES-256 SHA-384 only: ECDSA Preferred • TLS_ECDHE_ECDSA with AES256_GCM_SHA384 • TLS_ECDHE_RSA with AES256_GCM_SHA384 Medium- AES-256 AES-128 only: RSA Preferred Note It is recommended that the value of the parameter 'SRTP Ciphers' be set to the value 'Strongest - AEAD AES-256 GCM cipher only'. With this option chosen, the phones will not register on authenticated mode. • TLS_ECDHE_RSA with AES256_GCM_SHA384 • TLS_ECDHE_ECDSA with AES256_GCM_SHA384 • TLS_ECDHE_RSA with AES128_GCM_SHA256 • TLS_ECDHE_ECDSA with AES128_GCM_SHA256 Note It is recommended that the value of the parameter 'SRTP Ciphers' be set to the value 'Medium - AEAD AES-256,AES-128 GCM ciphers only'. With this option chosen, the phones will not register on authenticated mode. Medium- AES-256 AES-128 only: ECDSA Preferred Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 142 Basic System Security Phone Security Profile Settings