Microsoft recently announced that AAD and SFB Online will deprecate TLS 1.0/1.1 by June 1st 2021. This will impact the Skype for Business phones (3PIP) , running on older firmware with TLS 1.0/1.1 support. All the Skype for Business phones which doesn’t support TLS1.2 will not be able to sign in after June 1st 2021.
Affected Scope – SFB Phone with SFB Online Account
In order to ensure the users can successfully sign in to the Skype for Business phones, requesting you to make sure all the devices are upgraded to the firmware which support TLS 1.2. Administrators must complete the following steps before the deadline.
Upgrade the firmware to the version that support TLS 1.2.
To download the Skype for Business firmware, please visit : Yealink Technical Support.
|MP5X Desk Phone Series||MP58/MP54||188.8.131.52 and above|
|MP56||184.108.40.206 and above|
|T5X Desk Phone Series||T58A/T56A/T55A||220.127.116.11 and above|
|Conference Phone||CP960||18.104.22.168 and above|
|T4XS Desk Phone Series||T48S/T46S/T42S/T41S||22.214.171.124 and above|
|T4XG Desk Phone Series||T48G||126.96.36.199 and above|
|T46G||188.8.131.52 and above|
|T41P/T42G||184.108.40.206 and above|
|T40P||220.127.116.11 and above|
When you finish the upgrade or you already used the version above, you still need to add below configuration to your SFB phones. It configures the TLS version to use for handshake negotiation between the phone and server.
security.default_ssl_method = 3 Or security.default_ssl_method = 5
0-TLS 1.0 ; 4-TLS 1.1 ; 5-TLS 1.2 ;
3-SSL V23 (automatic negotiation with the server. The phone starts with TLS1.2 for negotiation.)
To download the .cfg file of the configuration above, please visit: security.default_ssl_method = 3 .cfg
To Auto Provisioning Yealink Skype for Business phone, please refer to: Auto Provisioning Guide for Yealink Skype for Business Phones
For more information, please refer to Transport Layer Security 1.0 and 1.1 disablement – Microsoft Lifecycle | Microsoft Docs