02-10-2016 10:23 AM - edited 03-19-2019 10:43 AM
Hello,
our users are unable to login to the self-portal in CUCM 8.5 using different browsers (Firefox, IE, Chrome, etc).
For Firefox there is a workaround to modify the config using "about:config" and change following values to false:
security.ssl3.dhe_rsa_aes_128_sha=false
security.ssl3.dhe_rsa_aes_256_sha=false
Unfortunally this is not acceptable for our users as a couple hundred users need to perform these modifications plus this intoduces a security breach.
Is there an alternative way for this ? Is there a possibility to use certificates ?
Many Thanks and kind Regards,
Oliver
02-10-2016 08:33 PM
This issue is more on the FF side rather than on the Cisco side
https://tools.cisco.com/bugsearch/bug/CSCuu82530/?reffering_site=dumpcr
No alternative other than using a lower version of FF since that definitely works (have tried it personally). Not sure, if going to a higher version will fix or not but you can definitely try.
Regards
Deepak
02-11-2016 03:01 AM
Hi,
Thank you for the reply.
However we can't have all our clients use an old version of FF or disable the security.
Isn't there a way to secure the connection using a TLS certificate ?
I wonder how thousands of users around the world connect to CUCM Web Interface ? Or do they all disable the security or upgrade to a new CUCM version ?
Regards,
Oliver
02-11-2016 03:06 AM
Unfortunately not. Also, I don't think there will be too many administrators managing CUCM or any other UC product from an administrative perspective in a single UC environment.
You would probably limit the access to CM WEb interface to a limited set of people. The fix will/should be there in version 11.5 CM as shown in the defect
Regards
Deepak
02-11-2016 03:26 AM
Hello,
our clients are using the CCMUser interface for managing their accounts, setting call forwarding, etc. Not only the admins.
The fix will be available in Version 11.5 ?
Regards,
Oliver
02-11-2016 03:32 AM
Got you, it should be fixed in 11.5 as showing in the Known Fixed Releases section of the defect but till the time that is not out, nothing can be confirmed.
In case, you want a definite answer then worth checking with TAC once or else you can wait for 11.5 to release and then check the Release Notes for the Open/Resolved caveats section to confirm.
Regards
Deepak
02-11-2016 03:37 AM
Hi,
thanks. I have just verified the fix is applied already in 11.0.1.21900-11.
We will further proceed with Cisco support.
Thank you.
Regards,
Oliver
02-11-2016 03:44 AM
Glad to hear that Oliver, proceed with that then.
Regards
Deepak
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide