08-29-2016 06:05 AM - edited 03-17-2019 07:57 AM
On CUCM 7.1 SSL3 is used for Tomcat. With the discovery of vulnerabilities in SSL3, Microsoft has apparently killed it on IE11 with update KB3172605. Clients can no longer access CUCM web interfaces without a workaround lowering the Diffie Hellman key length minimum to 512.
Does CUCM 7.1 support generating a new certificate with a stronger key length? Is there any decent documentation on implementing it?
Thanks!
08-29-2016 06:21 AM
Refer below link
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html
08-29-2016 07:02 AM
Thanks for the quick reply. That link pertains to a newer version of CUCM that 7.1. It also doesn't cover changing the key length and security parameters. The current certificates aren't expired, they just use a weaker method than Internet Explorer currently supports.
Is there any way to change these parameters?
08-29-2016 05:40 PM
Nope. Your only option is to upgrade, which you should anyway: 7.1 went end of sale in 2011 and end of support in 2015. This SSL issue is by far not the only security vulnerability in it.
http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-callmanager/end_of_life_notice_c51-695269.html
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: