Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
0
Helpful
1
Replies

7921G phone and cryptography

Go to solution
sergiwrk1
Level 1
Level 1

‎01-20-2014 12:57 AM - edited ‎07-05-2021 12:00 AM

Hi all!

We have several 7921G phones which we want to integrate in our WiFi network. Such WiFi is protected by using EAP-TLS, so we have installed the corresponding certificates to one testing phone. We have discovered that the phone does not support certificates with RSA keys with a size greater than than 2048 bits and, at the same time, their signatures must be always generated by using the SHA1 hashing algorithm. This fact also appears in the related documentation of the phone. As a consequence we have a problem since the root certificate of the CA use a key of 4096 bits and the SHA256 algorithm. We have also updated the firmware to the latest version without success regarding this. Anyone knows if there is any plan to a firmware update to support keys with a greater size and another hashing algorithms? Currently, SHA1 algorithm is considered as deprecated and the security community recommends to use another hash algorithm, as the same as occurs with the size of the keys.

Sergi

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card