No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Operation Guide 07

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Do If IP Phones of the Old Version Cannot Be Connected to eSight Through the TR069 Protocol

How Do I Do If IP Phones of the Old Version Cannot Be Connected to eSight Through the TR069 Protocol

Symptom

After eSpace 7910/7950/8950 V200R003C00 is connected to eSight V300R008C00SPC200 and later versions, IP phones cannot be connected to eSight.

Possible Cause

The terminal TLS encryption algorithm suite supports only 3DES encryption algorithm, which is known as insecure algorithm in the industry. By default, eSight does not support this algorithm.

Procedure

The operations on the Linux operating system and Windows are similar. The Linux is taken as an example.

  1. Log in to the eSight server as the ossuser user. For a DR system, log in to the active eSight server.
  2. Optional: Back up the webserver.roa.inst.xml and java.security files.

    su - root

    cd eSight installation directory/AppBase/etc/iemp.framework/

    cp webserver.roa.inst.xml /opt/

    cd eSight installation directory/AppBase/jre/lib/security

    cp java.security /opt/

  3. Modify the webserver.roa.inst.xml file.

    su - ossuser

    cd eSight installation directory/AppBase/etc/iemp.framework

    vi webserver.roa.inst.xml

    • In the <webserver name="ipphone"> area, modify value of ssl.include.ciphers.

      Add the SSL_RSA_WITH_3DES_EDE_CBC_SHA algorithm at the end of value. Use a semicolon (;) to separate the algorithms.

    • In the <webserver name="ipphone2"> area, modify value of ssl.include.ciphers.

      Add the SSL_RSA_WITH_3DES_EDE_CBC_SHA algorithm at the end of value. Use a semicolon (;) to separate the algorithms.

    • In the <webserver name="tr069"> area, modify value of ssl.include.ciphers.

      Add the SSL_RSA_WITH_3DES_EDE_CBC_SHA algorithm at the end of value. Use a semicolon (;) to separate the algorithms.

  4. Press Esc and run the :wq command to save the configuration file and exit.
  5. Modify the java.security file.

    cd eSight installation directory/AppBase/jre/lib/security

    vi java.security

    Delete the 3DES_EDE_CBC algorithm in the jdk.tls.disabledAlgorithms configuration item. The comma (,) after the RC4_40 algorithm must also be deleted.

  6. Press Esc and run the :wq command to close the configuration file.
  7. Restart eSight for the configuration to take effect.

    1. Stop eSight.
      • For a single-node system, perform operations in "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
      • For a DR system, stop the standby eSight server and then stop the active eSight server. For details, see "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
    2. Start eSight.
      • For a single-node system, perform operations in "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
      • For a DR system, start the active eSight server and then start the standby eSight server. For details, see "Common Operations and Configuration > Common eSight Operations" in the Maintenance Guide.
    NOTE:

    The 3DES algorithm is known insecure algorithm in the industry. Cyber security risks exist if this algorithm is opened. You are advised to disable the 3DES algorithm on eSight after upgrading the IP phones to a version supporting the secure algorithm suite.

Translation
Download
Updated: 2019-06-30

Document ID: EDOC1100044378

Views: 58920

Downloads: 270

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next