TLS 1.0 vs TLS 1.2 with UCS Manager

dorgillmstates · ‎04-02-2018

I have a UCS environment on 3.1.1K firmware and I see that is TLS 1.2 capable (https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone/ssl-tls-vulnerability-response.pdf)

Is there any additional steps to make sure TLS 1.0 is disabled?

Thanks in advance.

Kirk J · ‎04-02-2018

Greetings.

See

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1_chapter_0110.html

Looks like you can select TLSV1.2, and anything lower is blocked.

Allowed SSL Protocols

Enables you to choose which SSL protocols can be used. Values are Default (Allow all except SSLv2 and SSLv3) and Only TLSV1.2. If you choose Only TLSV1.2, all web client connections trying to use less secure versions of TLS are blocked.

Thanks,
Kirk...

dorgillmstates · ‎04-03-2018

Thanks for the prompt reply!

I went to this location and that is why I was confused in the first place, there is no "Allowed SSL Protocols" section in my Communication Services page. I confirmed they are running 3.1.1k

Any ideas on why that section would be missing?

Kirk J · ‎04-03-2018

Are you using the Java, or HTML version to view the UCSM?

Thanks,

Kirk...

dorgillmstates · ‎04-06-2018

FYI, this was confirmed a bug in 3.1.1k by TAC. You have to go to a minimum of 3.1.3a to be able to adjust these settings in the GUI or CLI.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux49157

Thank you!