Re: TLS CUCM 11.5

Gilles Guillerm · ‎04-02-2019

Hello,

I try to change the TLS version of the CUCM 11.5, but when I go to the CLI and tape "show tls min-version" or "set tls min-version" it is like the command does not exist.

Is this normal ? How can I change the TLS version ?

Thanks

Best regards

Gilles

Jaime Valencia · ‎04-02-2019

Are you running the restricted or unrestricted version?

HTH

java

if this helps, please rate

Gilles Guillerm · ‎04-02-2019

I don't know what you mean with "restricted version"....it is a CUCM hosted on a BE-6000-S for a small compagny. Licenses are OK.

How can I know if it is a restricted version ?

Thanks

Jaime Valencia · ‎04-02-2019

Log to CCMAdmin, do you see unrestricted or something along those lines mentioned in there?

HTH

java

if this helps, please rate

Shalid Kurunnan Chalil · ‎04-03-2019

Hi there,

Once you logged in to the Cisco call manager administration you find nothing related to restricted or unrestricted if it is restricted version. but it definitely mentions as unrestricted if it one.

Unrestricted

reference - Identify whether current CUCM version is the export restricted or unrestricted version

******Rate useful posts. ********

Gilles Guillerm · ‎04-04-2019

The version should be in "restricted version" because the voice and signaling are secured.

Jaime Valencia · ‎04-04-2019

OK, are you running a CUCM version which does enable that feature?

And using an account with the right privilege level for that command?

HTH

java

if this helps, please rate

Gilles Guillerm · ‎04-05-2019

For now, there is only one admin account to connect to the CUCM CLI. So I think I have the privilege for that command (I can restart the CUCM).
The cucm is in mixted mode for secure voice and signaling. version is 11.5.1
I'll answer you more efficiently on tuesday....because now I'am on holliday for few days.

tc4679 · ‎04-08-2019

ahhh I remember Mr Jaime Valencia doing a very good video on TLS and Call Manager approx 12months ago, although i cannot find it now, have you still got your video series running Jaime?

Jaime Valencia · ‎04-08-2019

YT disabled my account, and thus my channel, since last November, working to try to get them back online in a new site within Cisco's domain.

HTH

java

if this helps, please rate

Gilles Guillerm · ‎04-11-2019

Hi,
I have checked the CUCM and it is a restricted version and my account for CLI is the admin account...on CLI no posibility do have "show tls min-version" or "set tls min-version"

Gilles Guillerm · ‎04-11-2019

I have found this on the cisco bug site : Allow TLS versions to be disabled on CUCM : CSCvd93544
Symptom:
Currently, CUCM allows TLS versions 1.0, 1.1, and 1.2. To disable a TLS version on CUCM, you must enable FIPS mode and regenerate certificates.
This is a feature request to allow CUCM to be configured to reject connections that use TLS versions 1.0 and 1.1.

=> it seems to be my problem.....

Jaime Valencia · ‎04-11-2019

What is the exact CUCM release you're running?

HTH

java

if this helps, please rate

Gilles Guillerm · ‎04-11-2019

it is like .... 11.5.1.0000xx (I couln't give you the exact release, but it is a version whixh was installed on january 2017)
I think it is one of the first CUCM 11.5.1 version

Jaime Valencia · ‎04-11-2019

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/11_5_1/SU3/cucm_b_release-notes-cucm-imp-1151su3/cucm_b_release-notes-cucm-imp-1151su3_chapter_00.html#reference_5944F15281537B350947B72BF400247D

HTH

java

if this helps, please rate