How to disable TLS1.0 in UCS Central 2.0(1c)

Nevy (Level 1)

Hello, I have to disable the TLS 1.0 protocol in UCS Central 2.0(1c). I could not find any documents or commands for that issue. Do you know how to disable it?

Thank you!

Best regards

nevzat


5 Replies

Kirk J (Cisco Employee)

Greetings.

TLS 1.0/1.1 may still be in there for required integration support for older UCSM versions.

Agreed, it would be nice if you had the ability to adjust cipher suite settings like you do in UCSM.

I'm sure a future release will eventually phase out 1.1 as support for older, non-1.2 TLS UCSM versions is removed.

From the UCS Central 2.0 release notes:

Support for Transport Layer Security

Support for TLS 1.1 and 1.2

Cisco UCS Central 2.0 supports TLS1.1 and TLS1.2 HTTPS connection.

Kirk...

Hi Kirk,

Thanks for your reply. The security issue with TLS 1.0 is known, and because of the PCI requirement any communication which uses this protocol has to be disabled. It's a pity that vendors do not take this security point seriously. I hope the next release (patch) is available asap.

Regards

Nevzat

Kirk J (Cisco Employee)

Unfortunately, it's not just a matter of wanting to or not to address certain security vulnerabilities.

Arbitrarily disabling TLS 1.1 would have crippled all the customers using UCSM versions (integrated with UCS Central) lower than 2.27b, 3.11e.

Thanks,

Kirk...

Is this still the case? We are in the middle of purchasing Central, and just found this when it was scanned by our security team, as it is a violation of PCI-DSS, and has been for quite some time.

All of our UCSMs are currently in TLSv1.2 mode.

In case anyone stumbles upon this in the future: there is a procedure for performing the change to make UCS Central listen on TLSv1.2 only.

The procedure must be performed by TAC as it requires root SSH to the appliance.
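Whether the TAC change was applied (or whether a scanner's TLS 1.0/1.1 finding is still valid) can be confirmed from the outside. The following script is an added example, not Cisco's procedure and not from this thread: it tries one protocol version per `openssl s_client` connection against the appliance's HTTPS port and reports which versions still negotiate. It assumes the target is given in the `UCS_HOST` environment variable (placeholder, e.g. a lab UCS Central VM) and that an `openssl` binary is available on the auditing machine.

```shell
#!/bin/sh
# Added example: probe which TLS versions an HTTPS endpoint still negotiates.
# Not Cisco's procedure; it only confirms the result from the outside.
# Assumes a host name/IP in UCS_HOST (placeholder) and `openssl` on PATH.

# classify_handshake: turn the combined output of one `openssl s_client`
# attempt into "accepted", "rejected" or "untestable".
classify_handshake() {
  out="$1"
  # The local openssl may have been built without the old protocol; that is
  # not proof the server refused it, so report it separately.
  if printf '%s\n' "$out" | grep -Eqi 'unknown option|no protocols available'; then
    echo untestable; return 0
  fi
  if printf '%s\n' "$out" | grep -q 'Cipher is (NONE)'; then
    echo rejected; return 0
  fi
  if printf '%s\n' "$out" | grep -Eq 'Cipher is [A-Z0-9_-]+'; then
    echo accepted; return 0
  fi
  echo rejected   # no session line at all: refused, reset or timed out
}

# probe_version: attempt exactly one protocol version against host:port.
probe_version() {
  host="$1"; port="$2"; flag="$3"
  out=$(printf 'Q\n' | openssl s_client -connect "$host:$port" "$flag" 2>&1)
  classify_handshake "$out"
}

# audit_host: print one line per version; return 1 if a legacy version
# (TLS 1.0 or 1.1) is still accepted, 0 if only TLS 1.2 negotiates.
audit_host() {
  host="$1"; port="${2:-443}"; legacy=0
  for flag in -tls1 -tls1_1 -tls1_2; do
    result=$(probe_version "$host" "$port" "$flag")
    echo "$host:$port $flag $result"
    case "$flag $result" in
      "-tls1 accepted"|"-tls1_1 accepted") legacy=1 ;;
    esac
  done
  return "$legacy"
}

# Run only when a target is given, so the functions can be sourced/tested.
if [ -n "${UCS_HOST:-}" ]; then
  audit_host "$UCS_HOST" "${UCS_PORT:-443}"
fi
```

Run it as `UCS_HOST=<appliance-ip> sh tls_audit.sh`; a non-zero exit status means TLS 1.0 or 1.1 was still negotiated, and an "untestable" line means the auditing host's own openssl could not offer that version and a client that can must be used before treating it as closed.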
