Security Guide for Cisco Unified Communications Manager, Release 15 and SUs

CHAPTER 10
Cipher Management

• Cipher Management
• Configure Cipher String
• Cipher Limitations
• Cipher Restrictions

Cipher Management

Cipher management is an optional feature that enables you to control the set of security ciphers that is allowed for every TLS and SSH connection. Cipher management allows you to disable weaker ciphers and thus enable a minimum level of security.

The Cipher Management page has no default values. Instead, the Cipher Management feature takes effect only when you configure the allowed ciphers. Certain weak ciphers are never allowed, even if they are configured on the Cipher Management page.

Important: The information in this page is applicable only for TLS 1.2 and lower protocols.

You can configure ciphers on the following TLS and SSH interfaces:

• All TLS—The ciphers that are assigned in this field are applicable to all server and client connections that support the TLS protocol on Unified Communications Manager and IM and Presence Service.

• HTTPS TLS—The ciphers that are assigned in this field are applicable to all Cisco Tomcat connections on ports 443 and 8443 that support the TLS protocol on Unified Communications Manager and IM and Presence Service.

  Note: If you assign ciphers on HTTPS TLS and All TLS fields, the ciphers that are configured on HTTPS TLS override All TLS ciphers.

• SIP TLS—The ciphers that are assigned in this field are applicable to all encrypted connections to or from the SIP TLS interfaces that support the TLS protocol on Unified Communications Manager. It is not applicable for SCCP or CTI devices. SIP interface in authenticated mode only supports NULL-SHA ciphers.
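The following added example (not part of the Cisco guide or product) shows how an administrator could pre-check which TLS 1.2 and lower suites would apply to the Cisco Tomcat ports, using the rule that HTTPS TLS overrides All TLS. It assumes the fields hold OpenSSL-format cipher strings and expands them with the local OpenSSL build, which may differ from the one on the server; the field values, the weak-name markers and all function names are constructed for illustration.

```python
import ssl

# Constructed sample of the three fields on the Cipher Management page.
SAMPLE_FIELDS = {
    "All TLS": "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256",
    "HTTPS TLS": "ECDHE-RSA-AES256-GCM-SHA384",
    "SIP TLS": "",
}
# Assumption: name fragments this audit treats as weak; not a list from the guide.
WEAK_MARKERS = ("NULL", "RC4", "DES", "MD5", "EXP")


def is_weak(suite_name):
    """True if the suite name contains one of the assumed weak markers."""
    return any(marker in suite_name.upper() for marker in WEAK_MARKERS)


def expand_tls12(cipher_string):
    """Expand an OpenSSL-format string with the local OpenSSL build.

    TLS 1.3 suites are dropped: the page covers TLS 1.2 and lower only.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit_https(fields):
    """Resolve what applies to Tomcat (ports 443 and 8443) and audit it."""
    for source in ("HTTPS TLS", "All TLS"):  # HTTPS TLS overrides All TLS
        value = (fields.get(source) or "").strip()
        if value:
            suites = expand_tls12(value)
            return {"source": source, "suites": suites,
                    "flagged": [s for s in suites if is_weak(s)]}
    # Nothing configured: the feature has no defaults and is not in effect.
    return {"source": None, "suites": [], "flagged": []}


if __name__ == "__main__":
    print(audit_https(SAMPLE_FIELDS))
```

A mistyped or unsupported string surfaces as `ssl.SSLError` from `set_ciphers`, which is a useful check to run before entering the value on the server.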


