Solved: CUCM - Expressway-C can't change Media encryption mode

salih.dogan · ‎02-23-2016

Hello,

There was a penetration test at the company and the tester said that there is a unencrypted traffic between CUCM - Expressway-C. The tester can see user credentials base64 information. So I checked Exp-C zones. I can see "Media encryption mode" is "Force unencrypted" on TCP zone and I can't change that. I want to encrypt all traffic. I attached screenshot. How can I change that?

salih.dogan · ‎10-20-2016

hi,

I didn't change Force unencrypted option but after CUCM 11 all traffic encrypted. Here explanation:

In CUCM 11, a new feature was added were we now support encrypted TFTP communication on port 6972 , instead of 6970 .

With this improvement, traffic between C and CUCM on port 6972 will be encrypted and secured. And port 6970 will be used for non-encrypted devices only.

Regards,

View solution in original post

j.huizinga · ‎10-19-2016

hi,

did you ever find a solution?

thanks

JH

salih.dogan · ‎10-20-2016

hi,

I didn't change Force unencrypted option but after CUCM 11 all traffic encrypted. Here explanation:

In CUCM 11, a new feature was added were we now support encrypted TFTP communication on port 6972 , instead of 6970 .

With this improvement, traffic between C and CUCM on port 6972 will be encrypted and secured. And port 6970 will be used for non-encrypted devices only.

Regards,