We have a number of General Dynamics Sectera vIPer phones (ver 6.1 SCCP) connected to ourCUCM server (11.5).  They work fine in non-secure mode.  They do not work with CAPF, but by manually creating certificates using openssl (and common name CP-7961G-GE-SEP<mac addr>) they are able to use the secure 7961-G-GE SCCP profile, with TLS encryption.

However, even though the TLS negotiation is successful for registration and calling, the vIPer phones are not able to download their configuration files via encrypted TFTP.  The phone sends the request, the CUCM server replies with a 455 byte packet containing just the phone port and CUCM ip, the phone sends an ack, then nothing.  Looking at the TFTP logs from CUCM server does not show any error message either.

Has anyone else encountered this, and were you able to find a workaround?

Thanks