Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
1
Helpful
2
Replies

Considerations in changing the minimum TLS version to 1.2 in CUCM 12.5

Go to solution
david.alfaro1
Level 1
Level 1

‎05-15-2024 01:37 PM - edited ‎05-15-2024 01:38 PM

Hello dears

 

I hope you are doing well.

 

The reason of the discussion, is that we need tho change the TLS minimum version at 1.2, in CUCM 12.5(1)SU8a.

Regarding the document "Security Guide for Cisco Unified Communications Manager, Release 12.5(1)", we see the following:

"

Before you configure the minimum TLS version, make sure that your network devices and applications both
support the TLS version. Also, make sure that they are enabled for TLS that you want to configure with
Unified Communications Manager and IM and Presence Services. If you have any of the following products
deployed, confirm that they meet the minimum TLS requirement. If they do not meet this requirement, upgrade
those products:
• Skinny Client Control Protocol (SCCP) Conference Bridge
• Transcoder
• Hardware Media Termination Point (MTP)
• SIP Gateway
• Cisco Prime Collaboration Assurance
• Cisco Prime Collaboration Provisioning
• Cisco Prime Collaboration Deployment
• Cisco Unified Border Element (CUBE)
• Cisco Expressway

"

However, we have our CUCM in Security Mode "0" (enterprise parameters). My question is, if we set the minimum TLS version to 1.2, it would have impact in all of the aforementioned applications and devices, even tough if they would have minimum version 1.0 ?

 

Kind regards

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roger Kallberg
VIP
VIP

‎05-15-2024 10:02 PM - edited ‎05-15-2024 10:05 PM

It would affect anything that cannot do TLS 1.2. For example any 79xx model of phones. For instance they would stop receiving configuration data from your TFTP server(s).

The security mode of your system has no relevance to this. Even in non secure mode the devices will use secure communication for parts of their communication with CM.



Response Signature


View solution in original post

2 Replies 2

Go to solution
Roger Kallberg
VIP
VIP

‎05-15-2024 10:02 PM - edited ‎05-15-2024 10:05 PM

It would affect anything that cannot do TLS 1.2. For example any 79xx model of phones. For instance they would stop receiving configuration data from your TFTP server(s).

The security mode of your system has no relevance to this. Even in non secure mode the devices will use secure communication for parts of their communication with CM.



Response Signature


Go to solution
david.alfaro1
Level 1
Level 1
In response to Roger Kallberg

‎05-16-2024 05:02 PM

Thank you again Roger !

 

Kind regards !

0 Helpful
Customers Also Viewed These Support Documents