Overview
The Cisco Unified Border Element (CUBE) supports secure SIP calls with Transport Layer Security (TLS). CUBE uses TLS over TCP transport to provide privacy and data integrity of SIP signaling messages it exchanges with remote services. TLS can be configured at the global, tenant and dial peer levels to secure signaling sessions with remote endpoints.
Feature Information
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Client Identity Validation through CN-SAN Fields in a TLS Certificate |
Cisco IOS XE Cupertino 17.8.1a |
Support introduced for CN-SAN validation of client certificate. The following commands under voice class tls-profile tag were updated or introduced:
|
Configurable SIP Trunk Listen Port |
Cisco IOS XE Cupertino 17.8.1a |
Incoming calls may now be associated with a trunk by destination IP and port number. |
Trunk Specific TLS Policy |
Cisco IOS XE Cupertino 17.8.1a |
Trunk specific TLS security trustpoint may now be defined in a tenant configuration. The voice class tls-cipher tag command was introduced to configure preferred TLS cipher options. |
Secured SIP with TLS version 1.3 Support |
Cisco IOS XE 17.14.1a |
Transport Layer Security (TLS) version 1.3 support is introduced to enhance the security of CUBE flows. The supported TLS version 1.3 cipher suites are:
In addition, support for the minimum TLS version functionality with TLS version 1.2 is added. The following commands were modified: transport tcp tls, voice class tls-cipher, and show sip-ua connection tcp tls details. |