Disabling SSL weak ciphers in Call Manager 11.5 SU2

Erick Bergquist
Frequent Contributor

Hello,

Does anyone know how these SSL ciphers can be disabled in Call Manager 11.5 SU2 (12900) and other UC applications?

These are showing up as weak ciphers on scans.


112 bits EDH-RSA-DES-CBC3-SHA
112 bits DES-CBC3-SHA

I am not finding a command line or GUI option, or patch to modify or disable these. 

Thanks, 

Erick

4 REPLIES

Jaime Valencia
Hall of Fame Cisco Employee

We currently do not offer a way to disable SSL ciphers; you can get in touch with your AM to submit a PER so this is considered for future releases.

HTH

java

if this helps, please rate

CSCuy01067 Disabling weak DES ciphers

Description
Symptom:
Cisco Unified Communications Manager includes a version of Security Socket Layer (SSL) protocol
and/or the Transport Layer Security (TLS) protocol which could use the 3DES/CBC ciphers that are
affected by the vulnerability identified by the following Common
Vulnerability and Exposures (CVE) IDs:

CVE-2011-3389

The potentially vulnerable ciphers identified are:

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA *** On by default only till TLS 1.2
TLS_DHE_RSA_WITH_AES_128_CBC_SHA *** On by default only till TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA *** On by default only till TLS 1.2

Conditions:
Device with default configuration.

Workaround:
Not currently available.

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at
http://cve.mitre.org/cve/cve.html and https://nvd.nist.gov/vuln/detail/CVE-2011-3389.

Any news about this?

Have there been any changes in the past year regarding this vulnerability?