Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2844
Views
5
Helpful
2
Replies

Disable ssl version 2 and 3 and enable tls version on cisco IP Phone 7941G

Go to solution
rajeshcv49
Level 1
Level 1

‎11-30-2018 04:09 AM

Hello All,

" ssl version 2 and 3 detection" vulnerability found on cisco ip phone 7941G, can some one help me fix this issue,

all phones are using sccp protocol

call manager version 8.6.

Really appreciate your help.  

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎12-02-2018 06:48 AM - edited ‎12-02-2018 06:53 AM

The Cisco 7900 series phones do not support TLS 1.2 nor do they support disabling older versions. Your options are to replace it with a current generation phone, disable the phone’s web server entirely or disable HTTPS on it. The last two options may break things that leverage the XML SDK (eg paging). Disabling the web server entirely also prevents you from getting console logs for troubleshooting.

CUCM 8.6 can’t support these requirements either, has multiple known security vulnerabilities, and is end of sale. You really need to begin planning an upgrade of the server infrastructure and likely an endpoint refresh.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/TLS/TLS-1-2-for-On-Premises-Cisco-Collaboration-Deployments.html

View solution in original post

2 Replies 2

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎12-02-2018 06:48 AM - edited ‎12-02-2018 06:53 AM

The Cisco 7900 series phones do not support TLS 1.2 nor do they support disabling older versions. Your options are to replace it with a current generation phone, disable the phone’s web server entirely or disable HTTPS on it. The last two options may break things that leverage the XML SDK (eg paging). Disabling the web server entirely also prevents you from getting console logs for troubleshooting.

CUCM 8.6 can’t support these requirements either, has multiple known security vulnerabilities, and is end of sale. You really need to begin planning an upgrade of the server infrastructure and likely an endpoint refresh.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/TLS/TLS-1-2-for-On-Premises-Cisco-Collaboration-Deployments.html

Go to solution
rajeshcv49
Level 1
Level 1
In response to Jonathan Schulenberg

‎12-03-2018 06:15 AM

Hi Janathan,

We migrating the voip infrastructure cucm version 11.xx and latest ip phone,  For time begin i disabled the web access for phone.  

Thank for your help.

0 Helpful
Customers Also Viewed These Support Documents