Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3043
Views
0
Helpful
7
Replies

certificate on CUCM to avoid Firefox SSL workaround

oliver.muehlbauer
Level 1
Level 1

‎02-10-2016 10:23 AM - edited ‎03-19-2019 10:43 AM

Hello,

our users are unable to login to the self-portal in CUCM 8.5 using different browsers (Firefox, IE, Chrome, etc).

For Firefox there is a workaround to modify the config using "about:config" and change following values to false:

security.ssl3.dhe_rsa_aes_128_sha=false
security.ssl3.dhe_rsa_aes_256_sha=false

Unfortunally this is not acceptable for our users as a couple hundred users need to perform these modifications plus this intoduces a security breach.

Is there an alternative way for this ? Is there a possibility to use certificates ?

Many Thanks and kind Regards,

Oliver

Labels:
0 Helpful
7 Replies 7

Deepak Rawat
Cisco Employee
Cisco Employee

‎02-10-2016 08:33 PM

This issue is more on the FF side rather than on the Cisco side

https://tools.cisco.com/bugsearch/bug/CSCuu82530/?reffering_site=dumpcr

No alternative other than using a lower version of FF since that definitely works (have tried it personally). Not sure, if going to a higher version will fix or not but you can definitely try.

Regards

Deepak

0 Helpful

oliver.muehlbauer
Level 1
Level 1
In response to Deepak Rawat

‎02-11-2016 03:01 AM

Hi,

Thank you for the reply.

However we can't have all our clients use an old version of FF or disable the security.

Isn't there a way to secure the connection using a TLS certificate ?

I wonder how thousands of users around the world connect to CUCM Web Interface ? Or do they all disable the security or upgrade to a new CUCM version ?

Regards,

Oliver

0 Helpful

Deepak Rawat
Cisco Employee
Cisco Employee
In response to oliver.muehlbauer

‎02-11-2016 03:06 AM

Unfortunately not. Also, I don't think there will be too many administrators managing CUCM or any other UC product from an administrative perspective in a single UC environment.

You would probably limit the access to CM WEb interface to a limited set of people. The fix will/should be there in version 11.5 CM as shown in the defect

Regards

Deepak

0 Helpful

oliver.muehlbauer
Level 1
Level 1
In response to Deepak Rawat

‎02-11-2016 03:26 AM

Hello,

our clients are using the CCMUser interface for managing their accounts, setting call forwarding, etc. Not only the admins.

The fix will be available in Version 11.5 ?

Regards,

Oliver

0 Helpful

Deepak Rawat
Cisco Employee
Cisco Employee
In response to oliver.muehlbauer

‎02-11-2016 03:32 AM

Got you, it should be fixed in 11.5 as showing in the Known Fixed Releases section of the defect but till the time that is not out, nothing can be confirmed.

In case, you want a definite answer then worth checking with TAC once or else you can wait for 11.5 to release and then check the Release Notes for the Open/Resolved caveats section to confirm.

Regards

Deepak

0 Helpful

oliver.muehlbauer
Level 1
Level 1
In response to Deepak Rawat

‎02-11-2016 03:37 AM

Hi,

thanks. I have just verified the fix is applied already in 11.0.1.21900-11.

We will further proceed with Cisco support.

Thank you.

Regards,

Oliver

0 Helpful

Deepak Rawat
Cisco Employee
Cisco Employee
In response to oliver.muehlbauer

‎02-11-2016 03:44 AM

Glad to hear that Oliver, proceed with that then.

Regards

Deepak

0 Helpful
Customers Also Viewed These Support Documents