Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1643
Views
0
Helpful
3
Replies

7921G phone and encryption

Go to solution
sergiwrk1
Level 1
Level 1

‎01-20-2014 01:42 AM - edited ‎07-05-2021 12:00 AM

Hi all!

We have several 7921G phones which we want to integrate in our WiFi network.

Such WiFi is protected by using EAP-TLS, so we have installed the corresponding

certificates to one testing phone. We have discovered that the phone does not

support certificates with RSA keys with a size greater than than 2048 bits and,

at the same time, their signatures must be always generated by using the SHA1

hashing algorithm. This fact also appears in the related documentation of the

phone. As a consequence we have a problem since the root certificate of the CA

use a key of 4096 bits and the SHA256 algorithm. We have also updated the

firmware to the latest version without success regarding this. Anyone knows if

there is any plan to a firmware update to support keys with a greater size and

another hashing algorithms? Currently, SHA1 algorithm is considered as

deprecated and the security community recommends to use another hash algorithm,

as the same as occurs with the size of the keys.

Sergi

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP

‎01-20-2014 10:32 AM

Hi Sergi,

This 7921G already EoL product list, so do not expect any firmware update for it.

http://www.cisco.com/en/US/products/ps7071/

I do not think even any newer phones 7925G will support 4096 bit keys as well.7925G only support key length of 1024 or 2048. Refer this deployment guide for detail (page 97)

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

HTH

Rasika

*** Pls rate all useful responses *****

View solution in original post

0 Helpful

Go to solution
migilles
Cisco Employee
Cisco Employee

‎01-20-2014 01:33 PM

It is true that the 7921 is not sold any longer but is supported through Nov 2014.
So will offer software release for the 7921 until then.
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/ps7071/end_of_life_notice_c51-682734.html

However, the 7921 and 7925/7926 will not support certs with 4096 bit keys or SHA-2 signatures.

Any future handsets will have 4096 bit key and SHA-2 support though.


Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rasika Nayanajith
VIP
VIP

‎01-20-2014 10:32 AM

Hi Sergi,

This 7921G already EoL product list, so do not expect any firmware update for it.

http://www.cisco.com/en/US/products/ps7071/

I do not think even any newer phones 7925G will support 4096 bit keys as well.7925G only support key length of 1024 or 2048. Refer this deployment guide for detail (page 97)

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

HTH

Rasika

*** Pls rate all useful responses *****

0 Helpful

Go to solution
migilles
Cisco Employee
Cisco Employee

‎01-20-2014 01:33 PM

It is true that the 7921 is not sold any longer but is supported through Nov 2014.
So will offer software release for the 7921 until then.
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/ps7071/end_of_life_notice_c51-682734.html

However, the 7921 and 7925/7926 will not support certs with 4096 bit keys or SHA-2 signatures.

Any future handsets will have 4096 bit key and SHA-2 support though.


Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
sergiwrk1
Level 1
Level 1
In response to migilles

‎01-20-2014 11:54 PM

Thank you for your answers!

I do not know if this obeys some kind of hardware limitations, but it is strange that these features will not be supported as a firmware update :-(

Do you know when a similar handset with these features (i.e. keys with 4096 bits key and SHA-2 hashing algorithm) will be released?

Sergi


0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card