Aastra Remote Directory Upgrade Notes

Starting from XiVO 14.20, it is not possible anymore to use SSL 3.0 when connecting to XiVO using HTTPS.

This has the unfortunate consequence of breaking the remote directory on Aastra phones configured by the xivo-aastra provisioning plugins in version 1.2 and earlier.

Upgrade procedure

To be able to use the remote directory on your Aastra phones on XiVO 14.20 or later, you’ll need to take one of the following actions:

Upgrade to the Latest Plugin

This is the recommended solution. This can be done either before or after the upgrade. You’ll have to:

  1. Upgrade your xivo-aastra plugin to version 1.3 or later
  2. Restart/synchronize all your phones

The correction is only available for plugin xivo-aastra-3.3.1-SP2 and later. If you are using an older plugin (xivo-aastra-3.2.2-SP3 for example), then you’ll need to install a newer plugin and update all your phones to use the new plugin.

If you were already using custom templates, make sure to update them so that the phones access the remote directory via HTTP instead of HTTPS. This can be done using the following command:

find /var/lib/xivo-provd/plugins/xivo-aastra* -name '*.tpl' -exec sed -i '/X_xivo_phonebook_ip/s/\bhttps:/http:/' {} \;

Update the Templates

If you can’t or don’t want to update to a newer plugin, you can instead update the templates used by the plugin. This can be done either before or after the upgrade. You’ll have to:

  1. Update the templates so that the directory is accessed via HTTP
  2. Restart/synchronize all your phones

In this specific case, it is safe to directly modify the templates used by the plugin instead of creating custom templates. To update the templates, you can use the following command:

find /var/lib/xivo-provd/plugins/xivo-aastra* -name '*.tpl' -exec sed -i '/X_xivo_phonebook_ip/s/\bhttps:/http:/' {} \;

Re-enable SSL 3.0

If you can’t restart/synchronize your phones, the last solution is to re-enable SSL 3.0 on your XiVO. This should only be used as a temporary solution to give you more time to plan a firmware upgrade for your phones. This can be done only after the upgrade. You’ll have to:

  1. Update nginx configuration
  2. Reload nginx

This can be done using the following commands:

sed -i 's/ssl_protocols .*/ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;/' /etc/nginx/sites-available/xivo
service nginx reload