Expressway x8.9 TLS v1.2

allahverdiyev · ‎07-16-2018

Hello guys,

Can you help me to make sure Expressway x8.9 supports TLSv1.2?

Default configuration is:
xConfiguration SIP TLS CipherSuite: ALL:!EXP:!LOW:!MD5:@STRENGTH:+ADH

xConfiguration SIP Advanced SipTlsVersions: "TLSv1:TLSv1.1:TLSv1.2

regards

PJMack · ‎07-16-2018

From page 483 of the admin guide:

To improve security, the Expressway now only supports specific versions of TLS. The Expressway offers and accepts TLS versions 1.0, 1.1, and 1.2, when establishing secure connections.

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-9.pdf

allahverdiyev · ‎07-16-2018

I have read documentation. This does not give much information, says just Expressway offers and accepts. I am asking of how to check if it is actually, currently supporting TLS v1.2 if called destination is only TLS v1.2 supported.

Mohammed Khan · ‎07-16-2018

Below command should provide what system currently supports

xConfiguration SIP Advanced SipTlsVersions
*c xConfiguration SIP Advanced SipTlsVersions: "TLSv1.2"

To modify the configuration use below command

xConfiguration SIP Advanced SipTlsVersions: "TLSv1.1:TLSv1.2"

OK
xConfiguration SIP Advanced SipTlsVersions
*c xConfiguration SIP Advanced SipTlsVersions: "TLSv1.1:TLSv1.2"

OK

HTH,
Regards,

Mohammed Noor

allahverdiyev · ‎07-16-2018

Mohammed Khan,

I don't see difference between what you offer and default configuration. What is the difference?

According to default config, as I understoon it supports TLS v1.2 correct?

Mohammed Khan · ‎07-16-2018

Default configuration has 1.2 enabled. If required you may have to add 1.1 in the configuration.

Regards,

Mohammed Noor