news Center

    Upgrade Requrement for All Yealink Skype for Business IP Phones Due to Microsoft Deprecated TLS1.0/1.1


    Microsoft recently announced that AAD and SFB Online will deprecate TLS 1.0/1.1 by June 1st 2021. This will impact the Skype for Business phones (3PIP) , running on older firmware with TLS 1.0/1.1 support. All the Skype for Business phones which doesn't support TLS1.2 will not be able to sign in after June 1st 2021.
    【Affected Scope】 SFB Phone with SFB Online Account
    In order to ensure the users can successfully sign in to the Skype for Business phones, requesting you to make sure all the devices are upgraded to the firmware which support TLS 1.2. Administrators must complete the following steps before the deadline.
    Step One: 
    Upgrade the firmware to the version that support TLS 1.2. 
    To download the Skype for Business firmware, please visit : Yealink Technical Support.
    Series Model Version
    MP5X Desk Phone Series MP58/MP54 and above
      MP56 and above
    T5X Desk Phone Series T58A/T56A/T55A and above
    Conference Phone CP960 and above
    T4XS Desk Phone Series T48S/T46S/T42S/T41S and above
    T4XG Desk Phone Series T48G and above
      T46G and above
      T41P/T42G and above
      T40P and above

    Step Two: 
    When you finish the upgrade or you already used the version above, you still need to add below configuration to your SFB phones. It configures the TLS version to use for handshake negotiation between the phone and server.
    security.default_ssl_method = 3   Or  security.default_ssl_method = 5
    Permitted Values: 
        0-TLS 1.0 ;  4-TLS 1.1 ; 5-TLS 1.2 ; 
    3-SSL V23 (automatic negotiation with the server. The phone starts with TLS1.2 for negotiation.)
    To download the .cfg file of the configuration above, please visit: security.default_ssl_method = 3 .cfg
    To Auto Provisioning Yealink Skype for Business phone, please refer to: Auto Provisioning Guide for Yealink Skype for Business Phones
    For more information, please refer to Transport Layer Security 1.0 and 1.1 disablement - Microsoft Lifecycle | Microsoft Docs