- Presumably not as I couldn

dtekaccount10 · ‎11-13-2015

Hi All,

Please consult if it is possible to disable TLSv1 and enable TLSv1.1 or TLSv1.2 on Prime Infrastructure 2.2/3.0.

McAfee Vulnerability Manager 7.5 reports CVE-2011-3389 "(2588513) TLS-SSL Server Blockwise Chosen-Boundary Browser Weakness".

Thank you in advance.

Best Regards,

Anton Vrublevskiy

marce1000 · ‎11-17-2015

- Presumably not as I couldn't find any ssl.conf on a prime system using the root-shell capabilities; if it's important guess you have to make your case@TAC.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Report Inappropriate Content · ‎06-01-2017

Any chance you have instructions even though they are unsupported? I already modified the Tomcat config, but that does not seem to be the right place.

Or even just a bit more into where to look.

MIKKO JARVELA · ‎11-25-2015

That can be done, but be warned. Once you start to tweak PI server, you loose Health Manager and some other processes, which still are using TLSv1 internally (within PI server) - I did that and wasn't happy about results :(

So better to wait that Cisco provides updates & patches for that.

That same reason prevents integration of Prime 3.0 and ISE 2.0 as ISE rejects TLSv1 handshake from Prime.

/Mikko

nagarajan.velappan11 · ‎07-13-2020

Hi Mikko,

How you did that ?

Regards,

Bhaskar Das

Prime Infrastructure 2.2/3.0 TLS