Page tree

PA1 Maintenance Rollup: - February 2018


  • Please make sure you read ALL of the information below before installing the software on your device.
  • Please install and test the software in your environment before mass deployment
  • We encourage you to read and follow our security advisories.
  • This release does NOT directly include the OpenVPN feature in firmware file anymore. If you wish to use this feature please make sure you understand all security implications and follow this link after installing the software.

Release notes

SAP-1341 ADD: New support for primary & secondary (multiple) provisioning server for redundancy via FQDN (DNS query returns multiple IP addresses)
Please take swupd_curl_timeouts also into consideration regarding firmware update scenarios that include provisioning redundancy

SAP-757 FIX: Enabled setting check_fqdn_against_server_cert was not effective for URL's with IP addresses
SAP-782 FIX: Using host_name_validation, (requires check_fqdn_against_server_cert: on, to be effective) IP addresses in TLS server certificates are now handled correctly
SAP-871 FIX: All anonymous authentication ciphers (e.g. ADH-RC4-MD5) removed from Snom TLS stack
SAP-890 FIX: All ciphers removed from Snom TLS stack except TLS_RSA_WITH_AES_128_CBC_SHA

SCPP-7361 FIX: DHCP failover requirement: DHCP client did not fallback to broadcast during renew issues (e.g. DHCP server outages)
SAP-1162 FIX: DHCP option 81 (RFC 4702) was sent erroneously with flag S=0 and it can now be enabled via setting: dhcp_options_on_ip_aquire
SCPP-7931 & SAP-1252 FIX: Improved web client TCP handling of chunked transfer encoding transmissions
SAP-1325 FIX: Web client did not handle a 3xx redirect response when Transfer-Encoding is chunked
SAP-1391 UPD: Changed LLDP manufacturer name from "snom technology AG" to "snom"

SAP-536 FIX: NTP defaults are now queried before secure provisioning, to ensure having valid timestamps for server authentication (if DHCP server does not provide NTP information)
SAP-679 FIX: If provisioning sets tls_server_authentication to on, a reboot is now triggered making it entirely effective and custom root CA certificates can now be provisioned
SAP-767 ADD: A new setting: skip_provisioning_urls_on_tls_error is introduced, but only intented for testing and evaluation purposes
SAP-1076 FIX: By resolving the provisioning server URL the backup DNS server (DHCP provided) was not queried
SAP-1314 FIX: Ensuring backward compatible value handling for setting: web_language

SAP-328 ADD: Milliseconds added to timestamp in log messages, for better analysis
SAP-1262 FIX: Log showed a false positive warning “401 needs 128 bit nonce” (now only for nonces < 128 bits)

SAP-360 FIX: Enabled setting restrict_uri_queries, did block any firmware update attempt via web interface

SCPP-7738 & SAP-1070 UPD: Improved SIP authorization cache handling and introduced a new setting: cache_sip_authorization (default <on>) allows turn off SIP authorization cache
SCPP-6567 FIX: Re-enabled support for incoming SIP TCP connections (see: tcp_listen)
SAP-816 FIX: STUN is now also supported for SIP-TCP / SIP-TLS based registrations
SAP-1106 UPD: Out of order (lower CSeq) responses to an deregistration request will now be ignored (accelerating de- / re-registrations)
SCPP-7823 & SAP-1205 FIX: Device generated an UUID (RFC 4122) on deregistration, when manual setting upload was used exceptionally to take it into operation during an not common migration process
SAP-1280 FIX: Receiving an SIP 380 Alternative Service message raised an unhandled exception
SAP-1429 FIX: A retransmitted 180 was PRACKed (see: RFC 3262 Section 4), - in some cases the cseq was incremented

SAP-564 FIX: With headset / speaker & mic attached to PA1, its line-out & speaker played the mic input during call, - sidetone level was too high
SAP-564 FIX: On LID devices (PA1, 300, 320, 360, 370): No audio during call a after multicast-stream

SAP-439 FIX: Changed default value for setting: advertisement url to https scheme and url to lowercase
SAP-1023 & SAP-733: FIX: In Identity -> NAT (Tab) the setting: initial_rtp_keep_alives is now presented only on models supporting it

Download Links

Please note: this is a PA1 specific firmware release. Only the PA1 is supported with this firmware:

  • Any PA1 running an firmware > should not be downgraded to a version below
  • This may lead to a deadlock situation where the firmware works, but the device cannot be updated anymore at all!
  • All versions lower than are affected by this update procedure issue.
  • Only option left to get out from such deadlock situation is to use the network recovery procedure as described in our support How-to
  • If the downgrade is mandatory, use the as an intermediate firmware downgrade step, before you finally install the desired/known as affected version!
  • Please note: if you experience the deadlock situation do not open an RMA case, as this is not a hardware/flash issue!
Phone ModelFile SizeSHA256 ChecksumFile Name
Snom PA1~ 3.2MBa5a13fa3cce0127a4fb3dc211c58f36437e27f504cf64a9f13233b08d63791basnomPA1-