Ultra Secure Mode
Polycom®, Inc. 873
Version Change - Password and Certificate Compatibility
Version
Change
Behavior
Passwords Certificates
Upgrade
from old version
to new version
On user login:
• All new-user passwords are hashed and
saved using SHA-256.
• Existing user passwords remain saved using
the SHA-1 signature, however:
On first login after the upgrade the SHA-1
hashed password is automatically replaced
with SHA-256 hashed password.
Note: After an upgrade to version 8.1.4.J there
will be still passwords saved with the SHA-1
signature.
In order not to rely on automatic password
signature conversion and replacement, and to
ensure that the system only has SHA-256 hashed
passwords saved, the administrator should:
Either:
• Ensure that all the users login to the system at
least once to ensure automatic replacement of
SHA-1 hashed passwords with SHA-256
hashed passwords.
Or:
• Delete and recreate all users.
The new version accepts certificates
issued with SHA-1 hashing.
Downgrade
from new
version to old
version
Before the downgrade procedure begins, the
administrator receives a popup warning message
Passwords will change to factory
default would you like to proceed?
All users and SHA-256 hashed passwords are
deleted.
The administrator’s User Name and Password
reverts to the Factory Default: POLYCOM /
POLYCOM.
The old version accepts certificates issued
with SHA-1 hashing.
For certificates issued with SHA-256
hashing:
• The administrator receives a popup
warning message TLS certificate
will be deleted and the system
will switch to non-secured
connection, would you like to
proceed?
• For each certificate that is hashed with
SHA-256:
RMX Web Client / RMX Manager
connections to the RMX are
switched to non-secured mode.
LDAP services are changed from
636 to port 389.
SIP TLS sessions are changed to
SIP UDP.
The certificate is deleted.