Re: Upgrade to OpenSSL version to 0.9.8q or later on CT2504-WLC

preetpeethambaran · ‎10-14-2019

We had a finding as part of Vulnerability scanning of WLC - Upgrade to OpenSSL version to 0.9.8q or later on CT2504-WLC

Please let me know, if below command will be workaround for this vulnerability. Also, please let me know, will there be any production impact if this command is applied & is it required to reboot WLC after applying this command.

"config network secureweb cipher-option high enable"

Sandeep Choudhary · ‎10-14-2019

Hi,

By using this command which will enables/requires TLS 1.2 support on the internal controller. By defult (disbaled) use TLS version 1.0.

As per my experiences it will not impact your production..

Just for your Info: It will force the web server to use TLS 1.2. Without the above command the internal web server would use TLS 1.0 which would cause it to be blocked.

YES you nee dto reboot the WLC after enabling it.

Regards

Dont forget to rate helpful posts

Regards

Dont forget to rate helpful posts

patoberli · ‎10-14-2019

What Sandeep writes, plus make sure that you are running an up to date software version on the WLC, as bugs will be fixed inside those updates. Just make sure you stay on a version which supports your APs.