Internet Explorer 11 and CUCM Web Interface Issue

R M · ‎08-29-2016

On CUCM 7.1 SSL3 is used for Tomcat. With the discovery of vulnerabilities in SSL3, Microsoft has apparently killed it on IE11 with update KB3172605. Clients can no longer access CUCM web interfaces without a workaround lowering the Diffie Hellman key length minimum to 512.

Does CUCM 7.1 support generating a new certificate with a stronger key length? Is there any decent documentation on implementing it?

Thanks!

Mohammed Khan · ‎08-29-2016

Refer below link

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

R M · ‎08-29-2016

Thanks for the quick reply. That link pertains to a newer version of CUCM that 7.1. It also doesn't cover changing the key length and security parameters. The current certificates aren't expired, they just use a weaker method than Internet Explorer currently supports.

Is there any way to change these parameters?

Jonathan Schulenberg · ‎08-29-2016

Nope. Your only option is to upgrade, which you should anyway: 7.1 went end of sale in 2011 and end of support in 2015. This SSL issue is by far not the only security vulnerability in it.

http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-callmanager/end_of_life_notice_c51-695269.html