cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

646
Views
0
Helpful
3
Replies
Beginner

Prime Infrastructure 2.2/3.0 TLS

Hi All,

Please consult if it is possible to disable TLSv1 and enable TLSv1.1 or TLSv1.2 on Prime Infrastructure 2.2/3.0.

McAfee Vulnerability Manager 7.5 reports CVE-2011-3389 "(2588513) TLS-SSL Server Blockwise Chosen-Boundary Browser Weakness".

Thank you in advance.

Best Regards,

Anton Vrublevskiy

Everyone's tags (1)
3 REPLIES 3
VIP Collaborator

 - Presumably not as I couldn

 - Presumably not as I couldn't find any ssl.conf on a prime system using the root-shell capabilities; if it's important guess you have to make your case@TAC.

M.

Not applicable

Any chance you have

Any chance you have instructions even though they are unsupported?  I already modified the Tomcat config, but that does not seem to be the right place.

Or even just a bit more into where to look.

Highlighted
Beginner

That can be done, but be

That can be done, but be warned. Once you start to tweak PI server, you loose Health Manager and some other processes, which still are using TLSv1 internally (within PI server) - I did that and wasn't happy about results :(

So better to wait that Cisco provides updates & patches for that.

That same reason prevents integration of Prime 3.0 and ISE 2.0 as ISE rejects TLSv1 handshake from Prime.

/Mikko

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards