VoIP: SIP-over-TLS and sRTP: Unify

Unify (former Siemens Enterprise Communications; SMC). Although not advertised, those devices come not with HFA enabled but with a SIP-enabled firmware out of the box, which does not need any central configuration/provisioning server. Even then, you can flash HFA to SIP. Thanks to the built-in Web-based Management (WBM), attaching the phone to your Digium Asterisk, for example, is possible. However, certificate installation was not tested because it requires a Deployment Service (DLS), which is simply an app requiring Windows Server 2012 R2 Standard (or can be built by yourself with the help of the official guide). By the way, the Web interface allows the upload of ringtones but not certificates; go figure!

Last tested firmware

5.14.0 SIP
retested in Oct. 2019 with 6.14.0 SIP
retested in May. 2020 with 7.5.0 SIP
DLS V7 R2.9.0 (436) is available there, too.
DLS V7 R3.0.0 (495) is the latest version.

Configuration

Password:	admin/123456 Web → Administrator → Security → Password → Change admin password
HTTPS:	enabled on default
Update:	Web → Administrator → File transfer → Phone application → Upgrade using file
Trust Anchors:	not possible without DLS, therefore: Web → Administrator → System → Security → SIP server certificate validation: Off Web → Administrator → Security → Certificates → Authentication policy → Secure SIP server: None
SIP-URI User:	Web → Administrator → System → System identity → Terminal number Web → Administrator → System → System identity → User ID
SIP-URI Host:	Web → Administrator → System → Registration → SIP server address Web → Administrator → System → Registration → SIP registrar address Web → Administrator → System → Registration → Server type: Other
SIP-over-TLS:	Web → Administrator → System → SIP interface → SIP transport: TLS
SDES-sRTP:	Web → Administrator → System → Security → SRTP config → Use secure calls: On Web → Administrator → System → Security → SRTP config → SRTP key mode: SDES which is RTP/AVP with crypto

Software Bugs

DNS-NAPTR:

missing

Security

Bugs:	SIP-over-TLS: missing TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 DTLS-sRTP: missing TLS_ECDHE_[RSA\|ECDSA]_WITH_AES_128_GCM_SHA256
Responsible Disclosure:	via E-mail
Firmware Update:	missing Automation missing Newsletter

Miscellaneous

time on display cannot be disabled
- Web → Administrator → Date and time → Auto time change
  Might break in the future. Then, you have to adjust Daylight-Saving Time (DST) manually.
- Phone → Settings → User → Locality → Time format: 24 hour
- Phone → Settings → User → Locality → Date format: dd.mm.yy

Model Range

since 2016:
- Unify OpenScape Desk Phone CP600
- Unify OpenScape Desk Phone CP600E
- Unify OpenScape Desk Phone CP400
- Unify OpenScape Desk Phone CP205
- Unify OpenScape Desk Phone CP200 (tested)
- Unify OpenScape Desk Phone CP100
since 2013:
- Unify OpenScape Desk Phone IP 55G
- Unify OpenScape Desk Phone IP 35G (Eco)
since 2009 (not the T models, because those are ISDN; the G models come with Gigabit Ethernet):
- Unify OpenStage 80
- Unify OpenStage 60
- Unify OpenStage 40
- Unify OpenStage 20
- Unify OpenStage 15
- Unify OpenStage 5

Power Supply

38 V 0.42 A Modular: 6P6C, see Unify and IP-Phone-Forum.

← back to the other phones.