cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
224
Views
1
Helpful
2
Replies

Considerations in changing the minimum TLS version to 1.2 in CUCM 12.5

david.alfaro1
Level 1
Level 1

Hello dears

 

I hope you are doing well.

 

The reason of the discussion, is that we need tho change the TLS minimum version at 1.2, in CUCM 12.5(1)SU8a.

Regarding the document "Security Guide for Cisco Unified Communications Manager, Release 12.5(1)", we see the following:

"

Before you configure the minimum TLS version, make sure that your network devices and applications both
support the TLS version. Also, make sure that they are enabled for TLS that you want to configure with
Unified Communications Manager and IM and Presence Services. If you have any of the following products
deployed, confirm that they meet the minimum TLS requirement. If they do not meet this requirement, upgrade
those products:
• Skinny Client Control Protocol (SCCP) Conference Bridge
• Transcoder
• Hardware Media Termination Point (MTP)
• SIP Gateway
• Cisco Prime Collaboration Assurance
• Cisco Prime Collaboration Provisioning
• Cisco Prime Collaboration Deployment
• Cisco Unified Border Element (CUBE)
• Cisco Expressway

"

However, we have our CUCM in Security Mode "0" (enterprise parameters). My question is, if we set the minimum TLS version to 1.2, it would have impact in all of the aforementioned applications and devices, even tough if they would have minimum version 1.0 ?

 

Kind regards

 

1 Accepted Solution

Accepted Solutions

It would affect anything that cannot do TLS 1.2. For example any 79xx model of phones. For instance they would stop receiving configuration data from your TFTP server(s).

The security mode of your system has no relevance to this. Even in non secure mode the devices will use secure communication for parts of their communication with CM.



Response Signature


View solution in original post

2 Replies 2

It would affect anything that cannot do TLS 1.2. For example any 79xx model of phones. For instance they would stop receiving configuration data from your TFTP server(s).

The security mode of your system has no relevance to this. Even in non secure mode the devices will use secure communication for parts of their communication with CM.



Response Signature


Thank you again Roger !

 

Kind regards !