Please consult if it is possible to disable TLSv1 and enable TLSv1.1 or TLSv1.2 on Prime Infrastructure 2.2/3.0.
McAfee Vulnerability Manager 7.5 reports CVE-2011-3389 "(2588513) TLS-SSL Server Blockwise Chosen-Boundary Browser Weakness".
Thank you in advance.
- Presumably not as I couldn't find any ssl.conf on a prime system using the root-shell capabilities; if it's important guess you have to make your case@TAC.
Any chance you have instructions even though they are unsupported? I already modified the Tomcat config, but that does not seem to be the right place.
Or even just a bit more into where to look.
That can be done, but be warned. Once you start to tweak PI server, you loose Health Manager and some other processes, which still are using TLSv1 internally (within PI server) - I did that and wasn't happy about results :(
So better to wait that Cisco provides updates & patches for that.
That same reason prevents integration of Prime 3.0 and ISE 2.0 as ISE rejects TLSv1 handshake from Prime.