06-27-2016 06:51 AM - edited 03-17-2019 07:22 AM
We need to disable TLS1.0 and TLS1.1 on our ASA VPN gateway (Cisco 5516-X)
I see VPN users and VPN phones are syncing up to the ASA VPN gateway with TLS 1.0
I see in the Cisco docs the Cisco AnyConnect VPN client 4.x and up supports TLS.1.2.
Anyone know if the Cisco 7945G VoIP phones will support TLS 1.2 or where I can obtain additional details?
Thank you
Frank
Solved! Go to Solution.
06-27-2016 11:15 AM
When connected to Cisco Unified Communications Manager Release 10.5(2) and later, the phones support AES 256 encryption support for TLS and SIP for signaling and media encryption. This enables phones to initiate and support TLS1.2 connections using AES-256 based ciphers that conform to SHA-2 (Secure Hash Algorithm) standards and are Federal Information Processing Standards (FIPS) compliant
06-27-2016 11:05 AM
Right now only the 78XX and 88XX support TLS 1.2, the 79XX will not support 1.2
06-27-2016 11:09 AM
Ahhhhh, bummer.
Would you happen to have any URLs speaking on this topic --PLEASE!!!!
Thank You
Frank
06-27-2016 11:15 AM
When connected to Cisco Unified Communications Manager Release 10.5(2) and later, the phones support AES 256 encryption support for TLS and SIP for signaling and media encryption. This enables phones to initiate and support TLS1.2 connections using AES-256 based ciphers that conform to SHA-2 (Secure Hash Algorithm) standards and are Federal Information Processing Standards (FIPS) compliant
06-28-2016 07:38 AM
Hi Jaime,
Thank you, you got me on the right path!
Frank
11-09-2018 11:01 AM
Is there a document that just talks about SSL anyconnect and what phones except TLS 1.2?
07-07-2022 07:36 PM
I know this is reaaaaally old but we still have some old 79XX series phones in our environment. Slowly but surely we are phasing them out. But i am wondering if these 79XX phones support TLS 1.1. I think i've seen that they only support TLS 1.0 but cannot find any source that confirms this for my security folks. Can you provide a link to a datasheet that addresses this? Thank you!
07-07-2022 08:33 PM
07-11-2022 06:31 AM
Thank you Stephanie! think I've got what i need here. We are planning an upgrade to 12.6 in 2023 but need to know what we can do to satisfy our security folks in the meantime. I appreciate it!
10-11-2023 09:05 PM
A bit old but what I do is a workaround for security folks. Disable Web Access on Phone Configuration page for the specific extensions or in Phone template for the specific model. Then there would be no vulnerabilities in scan results of VA scanner.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide