09-07-2018 01:36 AM
Hello, I've to disable the protocol TLSv1.0 in UCS Central 2.0(1c). I could not find any documents or commands for that issue. Do you know how to disable it?
Thank You!
Best regards
nevzat
09-07-2018 05:03 AM - edited 09-07-2018 07:12 AM
Greetings.
The TLS 1.0/1 may still be in there for required integration support for older UCSM versions.
Agree, would be nice if you had ability to adjust cipher suite settings like you do in UCSM.
I'm sure a future release will eventually phase out 1.1 as support for older non-1.2 TLS UCSM versions is removed.
From UCS central 2.0 release notes:
Cisco UCS Central 2.0 supports TLS1.1 and TLS1.2 HTTPS connection.
Kirk...
09-10-2018 12:53 AM
Hi Kirk,
Thanks for your reply. The security issue with TLS1.0 is known, and because of the PCI requirement any communication which uses this protocol has to be disabled. It's a pity that vendors do not take this security point seriously. I hope the next release (patch) is available asap.
Regards
Nevzat
09-10-2018 03:25 AM
Unfortunately, it's not just a matter of wanting to or not to address certain security vulnerabilities.
Arbitrarily disabling TLS 1.1 would have crippled all the customers using UCSM versions (integrated with UCS Central) less than 2.27b, 3.11e.
Thanks,
Kirk...
08-08-2019 12:56 PM
Is this still the case? We are in the middle of purchasing Central, and just found this when it was scanned by our security team, as it is a violation of PCI-DSS, and has been for quite some time.
All of our UCSMs are currently in TLSv1.2 mode.
08-12-2019 08:35 AM
In case anyone stumbles upon this in the future: there is a procedure for performing the change to make UCS Central listen on TLSv1.2 only.
The procedure must be performed by TAC as it requires root SSH to the appliance.