The TLS protocol obsoletes SSL and allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography.
Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security—in which both ends of the conversation are sure with whom they are communicating—is known as mutual authentication (or mutual TLS). Mutual authentication requires public key infrastructure (PKI) deployment to clients.
Function
The client (phone) checks the identity of the server (PBX) with the server certificate (prevents Man-in-the-Middle attacks).
Key exchange via the RSAey from the certificate.
Symmetric encryption of the TCP-Stream with AES/3DES.