Cisco VoIP phone 7945G VPN and TLS version

fsebera
Level 4

We need to disable TLS 1.0 and TLS 1.1 on our ASA VPN gateway (Cisco 5516-X).

I see VPN users and VPN phones are syncing up to the ASA VPN gateway with TLS 1.0.

I see in the Cisco docs the Cisco AnyConnect VPN client 4.x and up supports TLS 1.2.

Anyone know if the Cisco 7945G VoIP phones will support TLS 1.2 or where I can obtain additional details?

Thank you

Frank

Jaime Valencia
Cisco Employee

Right now only the 78XX and 88XX support TLS 1.2; the 79XX will not support 1.2.

HTH

java

if this helps, please rate

Ahhhhh, bummer.

Would you happen to have any URLs speaking on this topic --PLEASE!!!!

Thank You

Frank

When connected to Cisco Unified Communications Manager Release 10.5(2) and later, the phones support AES 256 encryption support for TLS and SIP for signaling and media encryption. This enables phones to initiate and support TLS 1.2 connections using AES-256 based ciphers that conform to SHA-2 (Secure Hash Algorithm) standards and are Federal Information Processing Standards (FIPS) compliant.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8800-series/english/adminguide/P881_BK_C136782F_00_cisco-ip-phone-8800_series.html#P881_RF_S386401D_00

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/7800-series/10-3-1/english/releasenotes/PA2D_BK_70AD4CFB_00_7811_7821_7841_7861-rn-1031/PA2D_BK_70AD4CFB_00_7811_7821_7841_7861-rn-1031_chapter_00.html#PA2D_RF_AC3FD7DF_00

HTH

java

if this helps, please rate

Hi Jaime,

Thank you, you got me on the right path!

Frank

Is there a document that just talks about SSL AnyConnect and what phones accept TLS 1.2?

I know this is reaaaaally old but we still have some old 79XX series phones in our environment. Slowly but surely we are phasing them out. But I am wondering if these 79XX phones support TLS 1.1. I think I've seen that they only support TLS 1.0 but cannot find any source that confirms this for my security folks. Can you provide a link to a datasheet that addresses this? Thank you!

Per this bug and this other document, there are references to 7900 series not being supported with anything above TLS 1.0. Search for 7900 and you will find what I'm talking about. Interestingly, though, there is a section about workarounds for these phones for certain features. Hopefully this answers your question definitively.

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvj26615

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/TLS/TLS-1-2-for-On-Premises-Cisco-Collaboration-Deployments.html

Thank you Stephanie! I think I've got what I need here. We are planning an upgrade to 12.6 in 2023 but need to know what we can do to satisfy our security folks in the meantime. I appreciate it!

imranjabbar245
Level 1

A bit old, but what I do is a workaround for security folks. Disable Web Access on the Phone Configuration page for the specific extensions or in the Phone template for the specific model. Then there would be no vulnerabilities in the scan results of the VA scanner.