VoIP: SIP-over-TLS and sRTP: Yealink

Yealink allows Open-SIP out of the box. Therefore, you can try VoIP/SIP servers like Digium Asterisk or public VoIP/SIP providers. The Phone interface, Web interface, and Provisioning interface are not on par when it comes to their feature set: the Provisioning interface is a superset of the other two. For me, the Web interface was not sufficient. Yealink has several model series which did not get firmware 84 and its security fixes yet.

Last tested firmware

84.0.15
retested in Oct. 2019 with 84.0.90
retested in May 2020 with 85.0.5

Configuration

Password: admin/admin; change via Web → Security → Password
HTTPS: broken; the default certificate is signed with MD5
    Mitigation: Web → Security → Server → Custom
Update: Web → Settings → Upgrade → Upgrade
Trust Anchors: broken; the built-in trust anchors can neither be viewed nor re-installed
    Web → Security → Trusted → Import: Base64
    Web → Security → Trusted → Only Accept Trusted Certificates
    Web → Security → Trusted → Common Name Validation
SIP-URI User: Web → Account (→ Register → Account1) → Register Name
    Web → Account (→ Register → Account1) → User Name
SIP-URI Host: Web → Account (→ Register → Account1) → Server Host
SIP-over-TLS: Web → Account (→ Register → Account1) → Port: 0
    Web → Account (→ Register → Account1) → Transport: DNS NAPTR
SDES-sRTP: Web → Account → Advanced (→ Account1) → RTP Encryption: Optional, which is RTP/AVP with crypto

Software Bugs

SHA-2 Digest: ignores the algorithm and picks all; therefore incompatible with Linphone
Session Timers: broken; sends SIP UPDATE even if not supported
    Mitigation: Web → Settings → Configuration → Import CFG: account.1.session_update_type = 1

Security

Bugs: SDES-sRTP key with reduced entropy (keys observed were hex: 0-9a-f); fixed with firmware 84
    trust anchors are outdated (1024 bit, StartCom, Symantec)
        Mitigation: Web → Security → Trusted → CA Certificates: Custom
    Cipher Suites include RC4, Single-DES, EXPORT, and (non-working) Anonymous (OpenSSL 1.0.1r or older)
        Mitigation: Web → Settings → Configuration → Import CFG: sip_tls_cipher_list
    Ghost Calls possible by default
        Mitigation: Web → Features → General → Accept SIP Trust Server Only: Enabled
    ECDHE curves with less than 224 bit (OpenSSL 1.0.1 FIPS; ssl/t1_lib.c:pref_list)
Privacy: device phones home to https://rpscloud.yealink.com
    Mitigation: Web → Settings → TR069 → (ACS) Periodic Inform: Disabled
Responsible Disclosure: via ticket system
Firmware Update: no automation
    no newsletter
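The reduced-entropy SDES-sRTP key listed above showed up as master keys consisting only of ASCII hex digits. As an added check (not from this page and not Yealink's code) to verify, e.g. after a firmware upgrade, that a phone no longer offers such keys: this Python script decodes the a=crypto line of an SDP offer taken from a SIP trace and flags keys whose bytes are all hex digits. The sample SDP bodies are constructed, not captured from a device.

```python
import base64
import re

# Master key || salt length in bytes per SDES crypto suite (RFC 4568, RFC 6188).
SUITE_KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "AES_256_CM_HMAC_SHA1_80": 46,
    "AES_256_CM_HMAC_SHA1_32": 46,
}

# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")
HEX_DIGITS = frozenset(b"0123456789abcdef")

def analyse_crypto_line(line):
    """Decode one SDES a=crypto line and judge the master key it carries."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("not an SDES a=crypto line: %r" % line)
    tag, suite, b64 = m.groups()
    key_salt = base64.b64decode(b64)
    expected = SUITE_KEY_SALT_LEN.get(suite)
    # The bug on this page: every key byte was an ASCII hex digit, so each
    # byte carried at most 4 bits of entropy instead of 8.
    hex_only = all(b in HEX_DIGITS for b in key_salt)
    effective_bits = len(key_salt) * (4 if hex_only else 8)
    return {
        "tag": int(tag),
        "suite": suite,
        "length_ok": expected is not None and len(key_salt) == expected,
        "hex_only": hex_only,
        "effective_bits": effective_bits,
        "weak": hex_only or expected is None or len(key_salt) != expected,
    }

def scan_sdp(sdp_text):
    """Return the analysis of every a=crypto line in an SDP body."""
    return [analyse_crypto_line(ln) for ln in sdp_text.splitlines()
            if ln.startswith("a=crypto:")]

# Constructed sample offers (RTP/AVP with crypto, as the "Optional" setting sends).
WEAK_KEY = b"0123456789abcdef0123456789abcd"   # 30 ASCII hex digits, like the bug
STRONG_KEY = bytes(range(0xC8, 0xC8 + 30))    # 30 arbitrary non-hex bytes
WEAK_SDP = "m=audio 11780 RTP/AVP 0 8 101\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s|2^31\r\n" % base64.b64encode(WEAK_KEY).decode()
STRONG_SDP = "m=audio 11780 RTP/AVP 0 8 101\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\r\n" % base64.b64encode(STRONG_KEY).decode()
```

Feed the SDP body of an INVITE or 200 OK captured from the phone to scan_sdp(); a result with hex_only set means the key carries only 120 effective bits.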

Miscellaneous

Model Range (non-Android)

Power Supply

5 V 1.2 A, Coaxial: 5.5 mm × 2.1 mm
