VoIP: SIP-over-TLS and sRTP: Atcom

In each series, the models differ in:

Last tested firmware

2.6.1.a (2421)
retested in Oct. 2019 with 2.6.6.0 (c97e)
retested in May 2020 with 2.7.2.f (4fd0)

Configuration

Password: admin/admin or admin/==EP==ZGt1a3c=
Web → Phone → Security
HTTPS: Web → Network → Advanced → Web Server
Update: Web → Phone → Upgrade
Trust Anchors: Web → Account → Basic → Account 1 → TLS Server Verification: Enabled
Web → Phone → Trusted Certificates
Web → Phone → Server Certificate: example
This is not the Server Certificate for the HTTPS server of the Web interface. I guess it is a Client Certificate. Anyway, the phone just needs a(ny) private key; otherwise, the SIP-over-TLS client does not start at all.
SIP-URI User: Web → Account → Basic → Account 1 → User Name
SIP-URI Host: Web → Account → Basic → Account 1 → SIP Server
Web → Account → Advanced → Account 1 → SIP Server Type: Common
SIP-over-TLS: Web → Account → Basic → Account 1 → SIP Server Port: 5061
Web → Account → Basic → Account 1 → Transport Type: TLS
Web → Account → Basic → Account 1 → TLS Version
This is not a minimum version; you therefore have to know which version(s) your SIP provider supports (higher is better).
SDES-sRTP: Web → Account → Advanced → Account 1 → Voice Encryption (SRTP): Optional
which is RTP/SAVP + RTP/AVP

Software Bugs

SHA-2 Digest: does not pick MD5, continues without the Authorization header, and is therefore not able to register; therefore incompatible with Linphone
DNS-SRV: only for UDP
DNS-NAPTR: missing
AES-256 sRTP: wrong name and the key is not 46 but 48 bytes long
ZRTP: datasheet mentions that feature, but I did not find it
Session Timers: broken; the sRTP ROC is reset on re-INVITE
Mitigation: Web → Account → Advanced → Account 1 → Use Session Timer: Disabled
Not a full mitigation, because the remote party can still send a re-INVITE at any time
Enabled means required, rather than optional
PRACK: Enabled means required, rather than optional
Audio DiffServ: 56 by default
Mitigation: Web → Network → Advanced → Voice QoS: 46 (and change SIP QoS from 46 to 40)
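
The AES-256 sRTP bug listed above can be spotted in a captured SDP body. The following Python check is an added example, not from the original page or from Atcom: it validates each a=crypto line against the registered suite names and key||salt lengths of RFC 4568 and RFC 6188. The sample SDP is constructed, and EXAMPLE_UNREGISTERED_AES256 is a placeholder, because the page does not state which wrong name the phone sends.

```python
import base64

# Registered SDES suites -> bytes of master key || salt (RFC 4568, RFC 6188)
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
    "AES_192_CM_HMAC_SHA1_80": 38, "AES_192_CM_HMAC_SHA1_32": 38,
    "AES_256_CM_HMAC_SHA1_80": 46, "AES_256_CM_HMAC_SHA1_32": 46,
}

def check_crypto_line(line):
    """Return the findings for one 'a=crypto:<tag> <suite> <key-params>' line."""
    fields = line.strip()[len("a=crypto:"):].split()
    if len(fields) < 3:
        return ["malformed a=crypto line"]
    suite, key_params = fields[1], fields[2]
    findings, expected = [], SUITES.get(suite)
    if expected is None:
        findings.append(f"unregistered suite name {suite!r}")
    for param in key_params.split(";"):
        b64 = param.partition(":")[2].split("|")[0]  # drop lifetime and MKI
        try:
            raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
        except ValueError:
            findings.append("inline key is not valid base64")
            continue
        if expected is not None and len(raw) != expected:
            findings.append(f"key||salt is {len(raw)} bytes, expected {expected}")
    return findings

def check_sdp(sdp):
    """Map every a=crypto line of an SDP body to its list of findings."""
    return {l: check_crypto_line(l) for l in sdp.splitlines()
            if l.startswith("a=crypto:")}

def _inline(n):  # constructed key material, n bytes long
    return "inline:" + base64.b64encode(bytes(range(n))).decode()

# Constructed sample offer; the third suite name is a placeholder.
SAMPLE_SDP = "\r\n".join([
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_256_CM_HMAC_SHA1_80 " + _inline(46),
    "a=crypto:2 AES_256_CM_HMAC_SHA1_80 " + _inline(48),
    "a=crypto:3 EXAMPLE_UNREGISTERED_AES256 " + _inline(48),
])

if __name__ == "__main__":
    for line, findings in check_sdp(SAMPLE_SDP).items():
        print(line.split()[1], findings or "ok")
```

Base64 of 46 bytes and of 48 bytes are both 64 characters long (the former ends in "=="), so the two cannot be told apart by string length; the check has to decode the key.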

Security

Bugs: ECDHE curves with fewer than 224 bits (OpenSSL 1.0.1; ssl/t1_lib.c:pref_list),
requires root of certificate chain as trust anchor (OpenSSL 1.0.1m or older),
Cipher Suites include RC4, Single-DES, EXPORT (OpenSSL 1.0.1l or older),
Triple-DES preferred over RC4 (OpenSSL 1.0.1h or older), and
RSA+MD5 as Signature Algorithm (CVE-2015-7575; OpenSSL 1.0.1e or older)
Privacy: SIP messages contain the MAC address
device phones home to https://rps.atcom.cn
Responsible Disclosure: not available
Firmware Update: missing Automation
missing Newsletter

Miscellaneous

Model Range

Their previous R- and AT8-series seem to be End-of-Life. However, I do not know for sure, and you have to ask Atcom.

Power Supply

5 V 1 A, Coaxial: 5.5 mm × 2.1 mm
