On September 29, 2023, Zoom plans to end support for certain cipher suites for Session Initiation Protocol (SIP) connections using Transport Layer Security (TLS) to the Zoom Conference Room Connector (CRC). This change will help enhance the security of your data transmissions and help protect the confidentiality, integrity, and authenticity of your communications.
This article covers:
The SIP TLS cipher change will be deployed on September 29, 2023.
The following ciphers will no longer be supported or accepted for SIP TLS connections to Zoom CRC:
After the change, the following ciphers will be supported and accepted for SIP TLS connections to Zoom CRC:
This change only applies to connections utilizing SIP TLS, while connections utilizing SIP UDP, SIP TCP, and H.323 are unaffected. However, Zoom recommends using SIP TLS for increased security of your connections to Zoom's Conference Room Connector service.
Zoom understands that this change may have an impact on your systems or integrations that use Zoom CRC services. Zoom performed testing with a variety of common SIP/H.323 conference room equipment to ensure the SIP TLS cipher support changes will not affect their ability to connect to Zoom meetings through Zoom CRC using SIP TLS. Zoom performed the tests with SIP/H.323 conference room equipment using the most recently released device vendor firmware. Zoom tested each device by making direct calls to Zoom CRC with SIP TLS as the configured call protocol. The following device/firmware combinations successfully connected to Zoom CRC using SIP TLS with supported SIP TLS ciphers:
Zoom encourages you to review your SIP/H.323 conference room devices to ensure they meet these requirements. Zoom recommends updating your devices, if necessary, to ensure they are supported with Zoom CRC.
If your device, application, or platform is not listed above, and uses SIP, specifically SIP over TLS, to connect to Zoom CRC, consult your vendor’s documentation or contact your vendor’s support services to determine the ciphers your device, application, or platform supports when connecting as a client, using SIP TLS.
From a SIP/H.323 device that is configured to use SIP TLS to connect to Zoom CRC, dial the SIP URI "firstname.lastname@example.org" to connect to a Zoom CRC test service. The Zoom CRC services at dvgo.zmus.us will only accept the new supported SIP TLS ciphers.
A failure to connect may be due to the change of supported SIP TLS ciphers. Review your SIP/H.323 device's logs to confirm why the call failed (e.g. couldn't create TLS connection, indicating a SIP TLS cipher support issue). If the device is not dialing directly to Zoom CRC, e.g. it is registered to on-premises or 3rd party cloud infrastructure, it is also possible the failure is not on the SIP/H.323 device itself, but is somewhere along the call path. Review your infrastructure logs to confirm why the call failed.
If your SIP/H.323 device connects to the Zoom CRC video IVR and is prompted to enter a meeting ID, the device was likely able to negotiate a SIP TLS connection using the supported SIP TLS ciphers. In this case, you don't need to actually join a meeting. This is due to the fact that the device connected to the video IVR and received audio/video, which is sufficient to test SIP TLS cipher support.
However, Zoom recommends that you look at the SIP/H.323 device's logs to ensure it actually connected over SIP TLS, and did not fall back to SIP over TCP, SIP over UDP, or H.323 connection methods. If the device is not dialing directly to Zoom CRC, e.g. it is registered to on-premises or 3rd party cloud infrastructure, it is also possible a fall-back occurred somewhere along the call path. In this case, review your infrastructure logs to confirm the call is connected using SIP TLS.
While you may optionally configure your device, application, or platform to use SIP UDP, SIP TCP, or H.323 to connect to the Conference Room Connector, however, Zoom recommends using SIP TLS. If SIP TLS connectivity is not possible due to a lack of support from your device, application, or platform vendor, you can leverage hardware that supports Zoom Rooms.