How to disable TLS1.0 in UCS Central 2.0(1c)

Hello, I've to disable the protocol vTLS1.0 in UCS Central 2.0(1c). I could not find any documents or commands for that issue. Do you know how to disable it?

Thank You!

Best regards

nevzat

Cisco Employee

Re: How to disable TLS1.0 in UCS Central 2.0(1c)

Greetings.

The TLS 1.0/1 may still be in there for required integration support for older UCSM versions.

Agreed, it would be nice if you had the ability to adjust cipher suite settings like you do in UCSM.

I'm sure a future release will eventually phase out 1.1 as support for older non-1.2 TLS UCSM versions is removed.

From the UCS Central 2.0 release notes:

Support for Transport Layer Security

Support for TLS 1.1 and 1.2

Cisco UCS Central 2.0 supports TLS1.1 and TLS1.2 HTTPS connection.

 

Kirk...

Beginner

Re: How to disable TLS1.0 in UCS Central 2.0(1c)

Hi Kirk,

Thanks for your reply. The security issue with TLS1.0 is known, and because of the PCI requirement any communication which uses this protocol has to be disabled. It's a pity that vendors do not take this security point seriously. I hope the next release (patch) is available ASAP.

Regards

Nevzat

Cisco Employee

Re: How to disable TLS1.0 in UCS Central 2.0(1c)

Unfortunately, it's not just a matter of wanting to or not to address certain security vulnerabilities.

Arbitrarily disabling TLS 1.1 would have crippled all the customers using UCSM versions (integrated with UCS Central) less than 2.27b, 3.11e.

Thanks,

Kirk...

View solution in original post

Beginner

Re: How to disable TLS1.0 in UCS Central 2.0(1c)

Is this still the case? We are in the middle of purchasing Central, and just found this when it was scanned by our security team, as it is a violation of PCI-DSS, and has been for quite some time.

All of our UCSMs are currently in TLSv1.2 mode.

Beginner

Re: How to disable TLS1.0 in UCS Central 2.0(1c)

In case anyone stumbles upon this in the future: there is a procedure for performing the change to make UCS Central listen on TLSv1.2 only.

The procedure must be performed by TAC as it requires root SSH to the appliance.
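To confirm the result on your own appliance after such a change (or to reproduce the scanner finding before it), the following added example, which is not part of any post in this thread and not Cisco tooling, offers each TLS version in a hand-built ClientHello and reports which ones the HTTPS listener negotiates. It assumes the hostname is passed on the command line, port 443, and a ClientHello with no extensions (no SNI).

```python
import socket
import struct
import sys
from os import urandom

# Protocol versions as they appear on the wire.
VERSIONS = {"TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# Broad RSA/ECDHE suite list so a refusal reflects the version, not the ciphers.
SUITES = [0xC02F, 0xC030, 0xC013, 0xC014, 0x009C, 0x009D, 0x002F, 0x0035, 0x000A]

def build_client_hello(version: int) -> bytes:
    """Minimal ClientHello whose highest offered version is `version`."""
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (struct.pack("!H", version) + urandom(32) + b"\x00"       # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # suites, null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body     # type 1 + 24-bit length
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

def negotiated_version(reply: bytes):
    """Version chosen in a ServerHello, or None for an alert or anything else."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        return struct.unpack("!H", reply[9:11])[0]
    return None

def accepts(host: str, port: int, version: int, timeout: float = 5.0) -> bool:
    """True only if the server answers with a ServerHello at exactly `version`."""
    with socket.create_connection((host, port), timeout=timeout) as sock:  # connect errors propagate
        sock.sendall(build_client_hello(version))
        reply = b""
        try:
            while len(reply) < 11:          # enough bytes to read server_version
                chunk = sock.recv(4096)
                if not chunk:
                    break                   # peer closed, e.g. after a fatal alert
                reply += chunk
        except OSError:
            pass                            # reset or timeout after the hello: a refusal
    return negotiated_version(reply) == version

def audit(host: str, port: int = 443) -> dict:
    """Map each protocol name to whether the endpoint negotiated it."""
    return {name: accepts(host, port, v) for name, v in VERSIONS.items()}

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, ok in audit(sys.argv[1]).items():
        print(f"{name}: {'ACCEPTED' if ok else 'refused'}")
```

A server that answers a TLS 1.1 offer with a TLS 1.0 ServerHello is counted as refusing 1.1, since the downgrade shows up on the 1.0 probe instead. Because the hello carries no extensions, treat a "refused" on TLS 1.2 as something to confirm with your compliance scanner rather than as proof.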
