18.3.4.4.3. Scenarios 
- Client A - Standard client
-
The subscriber is connected to the switch via TLS but SPE is not activated for this subscriber or the subscriber is connected to the switch via TCP (subscriber configuration at the switch is not relevant).
- Client B - Secure client
-
The subscriber is connected to the switch via TLS and the subscriber is configured in the system as a SECURE client.
- Client C - Cipher client
-
The subscriber is connected to the switch via TLS and the subscriber is configured in the system as a CIPHER client.
Secure call: B calls C
Both subscribers have a secure connection to the gateway. Therefore
the DMC connection is also secure. The displays of both subscribers show
encrypted call. During the call both subscribers are able to check
the security status in their menus.
Insecure Call: A calls B
The connection from A to the gateway is insecure. Only the connection
from the gateway to client B is secure. Therefore the DMC connection
is insecure. The displays of both subscribers show call not encrypted.
During the call both subscribers are able to check the security status
in their menus.
Insecure Call: A calls C
The connection from A to the gateway is insecure. Only the connection
from the gateway to client C is secure. If a DMC connection if it is
established it is insecure. The DMC connection ends in the OpenScape
4000 because all connections to client c (CIPHER) must be secure. The
display of both subscribers show call not encrypted. During the
call both subscribers are able to check the security status in their
menus.