07-28-2023 09:25 PM
Our security team is alerting us of a Cipher Block Chaining (CBC) ciphers detected (low-severity finding) on our expressways. Would updating our ciphers to the recommended Resolve this issue? https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/admin_guide/X14-2/exwy_b_cisco-expressway-administrator-guide-x142/exwy_m_managing-security-x142.html?bookSearch=true#reference_4DBB857A1F1924E36837753778780546
EECDH:EDH:HIGH:-AES256+SHA:!MEDIUM:!LOW:!3DES:!MD5:!PSK:!eNULL:!aNULL:!aDH
TAC informed us we should run command xConfiguration SIP Advanced SipTlsDhKeySize: 2048 as well.
07-30-2023 11:12 PM - edited 07-30-2023 11:39 PM
If you already have / had a TAC case open, why you still ask your question here in the forum? And why don't you ask the question to the TAC technician directly?
And yes: change the ciphers, to not include the weak ciphers anymore.
08-03-2023 12:08 AM
@iverson.justin Any update?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide