cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How to disable TLS1.0 in UCS Central 2.0(1c)

Nevy
Beginner
Beginner

Hello, I've to disable the protocol vTLS1.0 in UCS Central 2.0(1c). I could not find any documents or commands for that issue. Do you know how to disable it?

 

Thank You!

 

Best regards

 

nevzat

1 ACCEPTED SOLUTION

Accepted Solutions

Kirk J
Cisco Employee
Cisco Employee

Unfortunately, it's not just a matter of wanting to or not to address certain security vulnerabilities.

Arbitrarily disabling TLS 1.1, would have crippled all the customers using UCSM versions (integrated with UCS Central) less than 2.27b, 3.11e

Thanks,

Kirk...

View solution in original post

5 REPLIES 5

Kirk J
Cisco Employee
Cisco Employee

Greetings.

The TLS 1.0/1 may still be in there for required integration support for older UCSM versions.

Agree, would be nice if you had ability to adjust cipher suite settings like you do in UCSM.

I'm sure future release will eventually phase out 1.1 as support for older non-1.2 TLS UCSM versions are removed.

 

From UCS central 2.0 release notes:

Support for Transport Layer Security

Support for TLS 1.1 and 1.2

Cisco UCS Central 2.0 supports TLS1.1 and TLS1.2 HTTPS connection.

 

Kirk...

Hi Kirk,

Thanks for your reply. The security issue with TLS1.0 is known and because of the PCI requirement it has to be disabled any communication which uses this protocol. Its a pity that vendors do not take this security point seriously. I hope the next release (patch) is available asap.

 

Regards

 

Nevzat

Kirk J
Cisco Employee
Cisco Employee

Unfortunately, it's not just a matter of wanting to or not to address certain security vulnerabilities.

Arbitrarily disabling TLS 1.1, would have crippled all the customers using UCSM versions (integrated with UCS Central) less than 2.27b, 3.11e

Thanks,

Kirk...