topic Thank you Dejan. in Collaboration Applications

Cisco Webex Meeting Server 2.8 TLS issue

sirajuddeen t p — Mon, 18 Mar 2019 01:58:06 GMT

Dear Team,

I have recently deployed Cisco webex meeting server 2.8 for my client. When users try to login (found in windows 10) the webex session Internet explorer gives error that please enable Tls 1.0, TLS 1.1 and TLS 1.2.

When the user checked the advanced option in Internet explorer TLS 1.0 was selected but TLS1.1 and 1.2 are greyed out. Hence we had to edit group policy to support TLS1.1 and !.2

Is there a way to support TLS 1.0 by CWMS 2.8? or any other workaround since it is difficult to advice the end users to change their PC group policy (not in enterprise domain or customer).

Thank you.

Siraj

Hi Siraj,

dpetrovi — Thu, 13 Jul 2017 12:01:04 GMT

Hi Siraj,

TLS 1.0 is considered unsecured and support for it was removed from the product. The users should enabled TLS 1.1/1.2.

Unfortunately there is no other workaround.

-Dejan

Thank you Dejan.

sirajuddeen t p — Tue, 25 Jul 2017 09:53:46 GMT

Thank you Dejan.

Re: Hi Siraj,

Dubrov.MGTS — Thu, 07 Sep 2017 15:54:42 GMT

Hello.

We have same error in IE.

TLS1.1 and 1.2 enabled in browser properties.

Problem can be resolved by disabling IE option "check for publisher's certificate revocation

But this solution can not be accepted by security department.

Does any way to resolve this issue?

Re: Hi Siraj,

christoph.hable — Thu, 07 Sep 2017 23:07:35 GMT

If disabling of "check for publisher's certificate revocation"resolves the problem there is maybe a problem accessing the CRL of your used CA (internal, public?) - what CRL Distribution Point and AIA does your certificate of CWMS contains?

Re: Hi Siraj,

Dubrov.MGTS — Fri, 08 Sep 2017 10:18:32 GMT

Hello.

This is public wildcard certificate from GeoTrust

CRL http://gn.symcb.com/gn.crl is accessible from PC

Re: Hi Siraj,

christoph.hable — Fri, 08 Sep 2017 12:42:12 GMT

OK... please try to have a look on the CAPI2 logfiles to figure out the root cause for your error.

https://blogs.msdn.microsoft.com/benjaminperkins/2013/09/30/enable-capi2-event-logging-to-troubleshoot-pki-and-ssl-certificate-issues/

Re: Hi Siraj,

sirajuddeen t p — Wed, 01 Nov 2017 10:15:31 GMT

Thank you All. The issue resolved. I have involved TAC and found my internal Proxy servers caused the issue. I bypassed the traffic and updated CWMS without any issue.