McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 122

source
cucm/v15/tapi-dev-guide/tapi-dev-guide.md
chunk_id
cucm::v15::tapi-dev-guide::tapi-dev-guide::116

Cisco Unified TAPI Developers Guide for Cisco Unified Communications Manager, Release 15 and SUs
Features Supported by TSP
Presentation Indication

Secure TLS

From Release 15SU4 onwards, TAPI supports TLS 1.3. For more information, see the "TLS 1.3 Setup (From Release 15SU2 Onwards)" chapter in the Security Guide for Cisco Unified Communications Manager.

The supported ciphers when communicating with both CAPF and CTI Manager in FIPS and non-FIPS modes are as follows:

• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA

Note
Establishing a secure connection to CTIManager requires the application user to configure additional information through the Cisco TSP UI. This information helps TSP create its own client certificate. This certificate is used to create a mutually authenticated secure channel between TSP and CTIManager.

The TSP UI adds a new tab called Security. The options available on this tab are as follows:

• Check box for Secure Connection to CTIManager: If checked, TSP connects over the TLS CTIQBE port (2749); otherwise, TSP connects over the CTIQBE port (2748).
• The default setting specifies a non-secure connection, and the check box remains unchecked.

Ensure that the security flag for the TSP user is also enabled through Unified Communications Manager Administration. CTIManager verifies whether a user who connects over TLS is allowed to have secure access. CTIManager allows only security-enabled users to connect to TLS port 2749 and only non-secure users to connect to CTIQBE port 2748.

The user flag that enables security depends on the cluster security mode. If the cluster security mode is set to secure, the user security settings have meaning; otherwise, the connection has to be non-secure.

If Secure Connection to CTIManager is checked, the following settings are enabled for editing:

• CAPF Server: CAPF server IP address from which to fetch the client certificate.
• CAPF Port (default 3804): CAPF server port to connect to for certificate download.
• Authorization Code (AuthCode): Required for client authentication with the CAPF server and for private key storage on the client machine.
• Instance ID (IID): Each secure connection to CTIManager must have its own certificate for authentication.

Because each connection must have a distinct certificate, the CAPF server needs to verify that the user requesting the certificate has the appropriate AuthCode and IID. The CAPF server uses the AuthCode and IID to verify the user identity. After the CAPF server provides a certificate, it clears the AuthCode to make sure that only one instance of an application requests a certificate based on a single AuthCode. CCM admin allows the user configuration to provide multiple IIDs and AuthCodes.
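The acceptance rules and CAPF prerequisites described above can be checked before deployment. The following is an added example, not code from Cisco or from the TAPI guide: the TspInstance record, its field names, the lint function and the sample values are hypothetical, and it assumes the user security flag is ignored whenever the cluster security mode is non-secure.

```python
from collections import Counter
from dataclasses import dataclass
TLS_PORT, PLAIN_PORT, CAPF_DEFAULT_PORT = 2749, 2748, 3804  # values from the page

@dataclass
class TspInstance:  # hypothetical record of one TSP instance's Security tab
    user: str
    secure_checkbox: bool   # "Secure Connection to CTIManager"
    user_secure_flag: bool  # security flag set in CUCM Administration
    capf_server: str = ""
    capf_port: int = CAPF_DEFAULT_PORT
    auth_code: str = ""
    instance_id: str = ""

def lint(instances, cluster_secure):
    """Return one list of findings per instance, in input order."""
    iids = Counter((t.user, t.instance_id) for t in instances if t.secure_checkbox)
    report = []
    for t in instances:
        out = []
        # Assumed reading: the user flag only counts when the cluster is secure.
        secure_user = cluster_secure and t.user_secure_flag
        if t.secure_checkbox and not secure_user:
            out.append(f"rejected on {TLS_PORT}: user not security-enabled "
                       "or cluster security mode is non-secure")
        if not t.secure_checkbox and secure_user:
            out.append(f"rejected on {PLAIN_PORT}: security-enabled user "
                       "must connect over TLS")
        if t.secure_checkbox:
            for field in ("capf_server", "auth_code", "instance_id"):
                if not getattr(t, field):
                    out.append(f"{field} missing: no client certificate can be fetched")
            if t.instance_id and iids[(t.user, t.instance_id)] > 1:
                out.append("IID reused: CAPF clears the AuthCode after issuing one certificate")
        report.append(out)
    return report

# Constructed sample data (host name, codes and IIDs are made up).
SAMPLE = [
    TspInstance("app1", True, True, "capf.example.test", 3804, "1111", "01"),
    TspInstance("app2", False, True),
    TspInstance("app3", True, False, "capf.example.test", 3804, "2222", "01"),
    TspInstance("app4", True, True, "capf.example.test", 3804, "3333", "07"),
    TspInstance("app4", True, True, "capf.example.test", 3804, "4444", "07"),
]

if __name__ == "__main__":
    for inst, found in zip(SAMPLE, lint(SAMPLE, cluster_secure=True)):
        print(inst.user, inst.instance_id or "-", found or "ok")
```

Running it with cluster_secure=False shows the opposite failure: every instance with the secure check box set is rejected, while plain connections on port 2748 pass regardless of the user flag.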