VoIP: SIP-over-TLS and sRTP: Spectralink

When this Wi-Fi phone was created, Spectralink was still part of Polycom. Therefore, the Web interface behaves like that of Polycom desk phones. Unfortunately, the Web interface exposes only a subset of the Phone interface, and the Phone interface only a subset of the Provisioning interface. In the end, I had to use the Provisioning interface. Still, I prefer the Web interface as the starting point because it allows firmware updates, and via ‘Web → Utilities → Import’ you reach the Provisioning interface without the need for a provisioning server. Thanks to Polycom, Spectralink is one of the few phones that support DNS-NAPTR. Their TLS settings, defaults, and documentation look great at first glance. However, I found no way to turn off certificate authentication. Therefore, the use case Opportunistic Security is not possible.

Last tested firmware

5.6.3
retested in Oct. 2019 with 6.0.0
retested in May 2020 with 6.2.2

Prerequisite

Phone → Settings → Advanced → Administration → Network → Interfaces → Wi-Fi → Radio → Regulatory Domain:

  1. FCC
  2. ETSI
  3. FCC without channels 120-128

Configuration

Passwords: user/123 and admin/456 by default; change them via
Phone → Settings → Advanced → Administration → Change Password, or
Web → Settings → Change Password
HTTPS: enabled by default
Update: Web → Utilities → Software Upgrade → Check for Updates
with firmware before 4.6, set Custom Server: http://downloads.spectralink.com/software/upgrade/
Trust Anchors: Phone → Settings → Advanced → Administration → TLS → Custom CA Certificates → Install: Base64
Web → Settings → Network → TLS → (Certificate Configuration → (CA Certificates →)) Platform CA: Base64 (the menu levels in parentheses exist only in some firmware versions)
You have to enter a URL into that field. The field does not default to HTTP; therefore, you have to prepend ‘http://’. A Content-Disposition header, as sent by crt.sh for example, is not supported. Redirections and upgrades to HTTPS are possible.
SIP-URI User: Phone → Settings → Advanced → Administration → Line → 1 → Address
Phone → Settings → Advanced → Administration → Line → 1 → Authentication → User ID
or
Web → Simple Setup → SIP Line Identification → Address
Web → Simple Setup → SIP Line Identification → Authentication User ID
SIP-URI Host: Phone → Settings → Advanced → Administration → Call Server → SIP → Server 1 → Address, or
Web → Simple Setup → SIP Server
SIP-over-TLS: enabled by default, with DNS-NAPTR and full TLS authentication
For other scenarios, such as DUStel and Easybell Germany, set:
Phone → Settings → Advanced → Administration → Call Server → SIP → Server 1 → Transport: TLS, or
Web → Settings → SIP → Server 1 → Transport: TLS
SDES-sRTP: Phone → Settings → Advanced → Administration → Line → 1 → SRTP Menu → SRTP Offer: Yes, or
Web → Settings → Lines → Offer SRTP
which offers both RTP/SAVP and RTP/AVP, i.e. two media lines in the SDP offer
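What such an offer looks like on the wire, and how an answering service should pick one of the two media lines, as an added example (not Spectralink's or any PBX's code). The IP address, ports and the SDES crypto suite AES_CM_128_HMAC_SHA1_80 (RFC 4568) are assumptions; the offer is constructed here to mirror ‘SRTP Offer: Yes’: an RTP/SAVP line first, then a plain RTP/AVP line, so that an answerer without SRTP can still take the second one.

```python
"""Offer and answer SDP with both RTP/SAVP and RTP/AVP media lines.

Added example, not Spectralink's or any PBX's code. Addresses, ports and the
crypto suite are assumptions chosen to mirror an 'SRTP Offer: Yes' offer.
"""
import base64
import os


def build_offer(ip, port, key_salt=None):
    """Constructed SDP offer: SAVP first, then AVP on the next even port."""
    # AES_CM_128_HMAC_SHA1_80 needs a 16-byte key + 14-byte salt = 30 bytes.
    key_salt = key_salt or os.urandom(30)
    inline = base64.b64encode(key_salt).decode()
    codecs = ["a=rtpmap:0 PCMU/8000", "a=rtpmap:8 PCMA/8000"]
    lines = [
        "v=0", f"o=- 1 1 IN IP4 {ip}", "s=-", f"c=IN IP4 {ip}", "t=0 0",
        f"m=audio {port} RTP/SAVP 0 8", *codecs,
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{inline}",
        f"m=audio {port + 2} RTP/AVP 0 8", *codecs,
    ]
    return "\r\n".join(lines) + "\r\n"


def parse_media(sdp):
    """Return one dict per m-line: profile, port and offered crypto suites."""
    media = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            _, port, profile, *_ = line[2:].split()
            media.append({"profile": profile, "port": int(port), "crypto": []})
        elif line.startswith("a=crypto:") and media:
            media[-1]["crypto"].append(line.split()[1])
    return media


def choose_profile(sdp, srtp_supported=True, srtp_required=False):
    """Answerer policy: prefer SAVP with a suite we implement; fall back to
    AVP unless encryption is mandatory. None means the offer must be rejected."""
    media = parse_media(sdp)
    for m in media:
        if (m["profile"] == "RTP/SAVP" and srtp_supported
                and "AES_CM_128_HMAC_SHA1_80" in m["crypto"]):
            return "RTP/SAVP"
    if not srtp_required:
        for m in media:
            if m["profile"] == "RTP/AVP":
                return "RTP/AVP"
    return None


def answer_media_lines(sdp, chosen, local_port):
    """m-lines of the answer, in offer order: the chosen profile gets a real
    port, every other offered line is refused with port 0 (RFC 3264 section 6)."""
    out = []
    for m in parse_media(sdp):
        port = local_port if m["profile"] == chosen else 0
        out.append(f"m=audio {port} {m['profile']} 0 8")
    return out


if __name__ == "__main__":
    offer = build_offer("192.0.2.10", 2222)
    print(offer)
    chosen = choose_profile(offer)
    print(chosen, answer_media_lines(offer, chosen, 4000))
```

An answerer that accepts the AVP line although it supports SRTP silently downgrades the call; the `srtp_required` switch is the knob a service should expose for that.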

Bad Defaults

Signaling DiffServ: Web → Settings → Network → QoS → Call Control → IP DSCP: 40 (CS5); the default is 44

Software Issues

Association with Wi-Fi: The phone asks for Wi-Fi Multimedia Admission Control (WMM-AC), which can be disabled via Phone → Settings → Advanced → Administration → Network → Interfaces → Wi-Fi → AC Required: No.
The phone asks for Wi-Fi Power Save (WMM-PS), which cannot be disabled.
Furthermore, if a Wi-Fi access point advertises its capabilities incorrectly, the phone does not associate with it even if it supports Unscheduled Automatic Power Save Delivery (U-APSD). To check whether your access point broadcasts the correct flags: Phone → Settings → Advanced → Administration → Diagnostics → Site Survey → Start → All → Detail:
  1. ‘WMM-PS:VO/VI’ is WMM-AC.
  2. ‘WMM-PS:’ is sufficient (which is in contrast to an outdated FAQ article).
  3. ‘WMM:’ is not enough.
Because the various interfaces do not accept all valid characters for the WPA Pre-Shared Key (PSK), I recommend entering the key as a 64-digit hexadecimal value: Converter.
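The conversion itself, as an added example (not the converter linked above): IEEE 802.11 derives the 256-bit PSK from passphrase and SSID with PBKDF2-HMAC-SHA1, 4096 iterations, the SSID as salt. Entering the resulting 64 hex digits instead of the passphrase side-steps the phone's character restrictions, because the phone only ever needs the derived key.

```python
"""Convert a WPA/WPA2 passphrase plus SSID into the 64-hex-digit PSK.

Added example, not Spectralink's converter. Uses only the standard library.
"""
import hashlib


def wpa_psk_hex(passphrase: str, ssid: str) -> str:
    """Return the PSK as 64 lowercase hex digits, or raise on invalid input."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII (IEEE 802.11)")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output, as specified by IEEE 802.11
    psk = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)
    return psk.hex()


if __name__ == "__main__":
    # Known-answer vector from the IEEE 802.11 standard: passphrase "password", SSID "IEEE"
    print(wpa_psk_hex("password", "IEEE"))
```

Note that the hex PSK is tied to one SSID: a different SSID yields a different key even with the same passphrase.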
Roaming in Wi-Fi: In contrast to my other Wi-Fi phones (Ascom, Nokia Mobile Phones, or iOS apps), I was not able to move between two access points while talking. Even my SIM-based Wi-Fi Calling (VoWiFi) phones using Qualcomm, MediaTek, and Intel work great here, while my Spectralink fails.

Software Bugs

SHA-2 Digest: ignores the algorithm parameter and answers the last challenge
Source IP Port: the SIP headers Via and Contact carry another ephemeral port, not the actual source port
Mitigation: unknown; the service has to ignore that port and reuse the existing TCP-based connection instead
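Both bugs above, seen from the server side, as an added example (not Spectralink's or any SIP server's code; the messages are constructed). The first part shows the selection rule the phone gets wrong: with several WWW-Authenticate challenges the client must answer the first one it supports (RFC 7616 section 3.3, RFC 8760), not the last; `buggy=True` reproduces the phone. The second part is the mitigation for the wrong port: over TCP or TLS a server sends the response on the connection the request arrived on (RFC 3261 section 18.2.2) and never connects to the port announced in Via. The realm, nonces and addresses are assumptions.

```python
"""Digest challenge selection (RFC 7616 / RFC 8760) and response routing
(RFC 3261 section 18.2.2). Added example; all messages are constructed.
"""
import hashlib
import re

HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def parse_digest(value):
    """'Digest realm="x", nonce="y", algorithm=SHA-256' -> dict (lower-case keys)."""
    params = {}
    for key, val in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', value.partition(" ")[2]):
        params[key.lower()] = val.strip('"')
    params.setdefault("algorithm", "MD5")   # RFC 7616: MD5 when absent
    return params


def challenges(headers):
    """All Digest challenges of a 401/407, in wire order (= server preference)."""
    return [parse_digest(v) for n, v in headers
            if n.lower() == "www-authenticate" and v.startswith("Digest ")]


def pick_challenge(headers, supported=("SHA-256", "MD5"), buggy=False):
    """Correct: the first challenge whose algorithm we support.
    buggy=True reproduces the phone: ignore the algorithm, take the last one."""
    chals = challenges(headers)
    if buggy:
        return chals[-1] if chals else None
    return next((c for c in chals if c["algorithm"].upper() in supported), None)


def digest_response(chal, user, password, method, uri, cnonce, nc="00000001"):
    """RFC 7616 response value with qop=auth (or the legacy form without qop)."""
    h = HASHES[chal["algorithm"].upper()]
    H = lambda s: h(s.encode()).hexdigest()
    ha1 = H(f"{user}:{chal['realm']}:{password}")
    ha2 = H(f"{method}:{uri}")
    if "auth" in [q.strip() for q in chal.get("qop", "").split(",")]:
        return H(f"{ha1}:{chal['nonce']}:{nc}:{cnonce}:auth:{ha2}")
    return H(f"{ha1}:{chal['nonce']}:{ha2}")


def response_target(via, conn):
    """Where a server sends the response. `conn` describes the socket the
    request came in on: {'transport', 'ip', 'port', 'open'}."""
    m = re.match(r"SIP/2\.0/(\w+)\s+([^;\s]+)((?:;[^;]*)*)", via)
    transport, sent_by, rest = m.group(1).upper(), m.group(2), m.group(3)
    params = dict(p.partition("=")[::2] for p in rest.split(";") if p)
    if transport in ("TCP", "TLS") and conn["open"]:
        # Ignore the Via port: the response goes back on the same connection.
        return ("reuse-connection", conn["ip"], conn["port"])
    host, _, port = sent_by.partition(":")
    host = params.get("received", host)          # RFC 3261 18.2.1
    port = params.get("rport") or port or "5060"  # RFC 3581, else sent-by
    return ("send-to", host, int(port))


# Constructed 401: SHA-256 offered first, MD5 second (RFC 8760 style).
SAMPLE_401 = [
    ("WWW-Authenticate", 'Digest realm="sip.example.net", nonce="n1", qop="auth", algorithm=SHA-256'),
    ("WWW-Authenticate", 'Digest realm="sip.example.net", nonce="n1", qop="auth", algorithm=MD5'),
]

if __name__ == "__main__":
    print(pick_challenge(SAMPLE_401)["algorithm"],
          pick_challenge(SAMPLE_401, buggy=True)["algorithm"])
    # Constructed TLS request whose Via announces a port the socket does not use.
    conn = {"transport": "TLS", "ip": "192.0.2.5", "port": 52001, "open": True}
    print(response_target("SIP/2.0/TLS 192.0.2.5:61000;branch=z9hG4bK1", conn))
```

A server that verifies the SHA-256 challenge will reject the MD5 response the buggy selection produces, which is why the phone fails against servers that enable SHA-2 Digest; keeping MD5 as the only challenge is the workaround, not a fix.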

Security

Bugs: hostname validation is disabled after a DNS-SRV redirection,
the padlock icon is shown even without SIP-over-TLS, and
the cipher suites TLS_ECDHE_[RSA|ECDSA]_WITH_AES_128_GCM_SHA256 are missing
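What hostname validation has to check after an SRV redirection, as an added example (not Spectralink's code; the domain names and certificate identities are constructed). Per RFC 5922 section 7, the identity that must appear in the certificate is the domain of the SIP URI (the part after the @), even when NAPTR/SRV resolution has sent the client to a host in another domain. A client that skips the check once SRV points elsewhere, which is what the first bug above amounts to, accepts any certificate a trusted CA has issued for any name.

```python
"""Validate a SIP server certificate against the SIP domain, not the SRV
target (RFC 5922 section 7). Added example; names below are constructed.
"""


def sip_identities(cert):
    """Domains a certificate asserts for SIP: URI SANs with the sip: scheme and
    DNS SANs; the subject CN only counts when no such SAN exists (RFC 5922 7.1)."""
    ids = set()
    for kind, value in cert.get("san", []):
        if kind == "URI" and value.lower().startswith("sip:"):
            ids.add(value[4:].lower().rstrip("."))
        elif kind == "DNS":
            ids.add(value.lower().rstrip("."))
    if not ids and cert.get("cn"):
        ids.add(cert["cn"].lower().rstrip("."))
    return ids


def validate(sip_domain, cert, srv_target=None, buggy=False):
    """True if the certificate is acceptable for sip_domain. Matching is exact
    and case-insensitive; RFC 5922 section 7.2 forbids wildcard matching.
    buggy=True reproduces a client that stops checking once SRV points elsewhere."""
    sip_domain = sip_domain.lower().rstrip(".")
    if buggy and srv_target and srv_target.lower().rstrip(".") != sip_domain:
        return True
    return sip_domain in sip_identities(cert)


# Constructed scenario: the SIP domain is example.com, but its
# _sips._tcp.example.com SRV record points to proxy.provider.net.
SIP_DOMAIN = "example.com"
SRV_TARGET = "proxy.provider.net"
CERT_FOR_DOMAIN = {"cn": "proxy.provider.net",
                   "san": [("DNS", "proxy.provider.net"), ("URI", "sip:example.com")]}
CERT_FOR_TARGET_ONLY = {"cn": "proxy.provider.net", "san": [("DNS", "proxy.provider.net")]}
CERT_WILDCARD = {"cn": "*.example.com", "san": [("DNS", "*.example.com")]}

if __name__ == "__main__":
    for name, cert in [("domain in SAN", CERT_FOR_DOMAIN),
                       ("SRV target only", CERT_FOR_TARGET_ONLY),
                       ("wildcard", CERT_WILDCARD)]:
        print(f"{name}: correct={validate(SIP_DOMAIN, cert, SRV_TARGET)} "
              f"buggy={validate(SIP_DOMAIN, cert, SRV_TARGET, buggy=True)}")
```

The practical consequence for a provider: the certificate on the SRV target must carry the customer-facing SIP domain as a SAN, a hostname certificate for the proxy alone is not enough for a correctly validating phone.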
Responsible Disclosure: I had to write a postal letter
Firmware Update: missing Automation
missing Newsletter

Miscellaneous

Model Range

Power Supply

5 V 0.5 A, Micro-USB

back to the other phones.