Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2139
Views
0
Helpful
2
Replies

Disable TLS1.0/1.1 with CUCM 11.5 SU2

Schpice
Level 1
Level 1

‎10-28-2018 11:51 PM

Hello,

 

My mustomer has made a Pentest with its UC equipements and has noticed CUCM still accept connections with SSL2 and 3 encryptions and has requested to disable these encryptions methods. For now, nothing is encrypted with this customer (IP phones, trunks,...), then I think it's better to set hightest security encryption method before switching IP phones and SIP trunks with encrypted security profiles.

I have made some searches and it's true that in the  "HTTPS Ciphers" field under Enterprise parameters, there is no choice that exclude SSL incoming connections. According to the TLS 1.2 Compatibility Matrix from Cisco, I have understood if I set the minimum TLS version to 1.2, SSL and TLS1.0/1.1 should be disabled as well, but it looks TLS1.2 is not fully compatible with CUCM 11.5 SU2. 

Do you know witch features are not compatible with TLS1.2 with CUCM 11.5 SU2 ??

What's the risk to set the minimum TLS version to 1.2 with this CUCM version ?

 

Thanks

Labels:
0 Helpful
2 Replies 2

Schpice
Level 1
Level 1
In response to Chris Deren

‎10-29-2018 07:45 AM

Hello,
thanks for answer.
Do you think it's possible to disable SSL2 and 3 only ??
regards
0 Helpful
Customers Also Viewed These Support Documents