source
cucm/v15/security-guide/security-guide.md

Override Functionality

The settings on the Cipher Management page override the default settings for each application and any other location where ciphers have been configured. This means that if no ciphers are configured on the Cipher Management page, the original functionality on all interfaces is retained.

For example, if the Enterprise Parameter “TLS Ciphers” is configured with “ALL Supported Ciphers” and the Cipher Management page is configured with ciphers “AES256-GCM-SHA384:AES256-SHA256” on All TLS interfaces, all application SIP interfaces will support only the “AES256-GCM-SHA384:AES256-SHA256” ciphers and ignore the Enterprise Parameter value.

Application Ciphers Support

The following table lists the application interfaces and all the corresponding ciphers and algorithms that are supported on TLS and SSH interfaces.

Note: By default, the following ciphers are supported in the TLS 1.3 protocol:

In FIPS mode:
• TLS_AES_256_GCM_SHA384
• TLS_AES_128_GCM_SHA256

In non-FIPS mode:
• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_GCM_SHA256

Table 20: Unified Communications Manager Cipher Support for TLS Ciphers

| Application / Process | Protocol | Port | Supported Ciphers |
|---|---|---|---|
| Cisco CallManager | TCP / TLS | 2443 | ECDHE-RSA-AES256-GCM-SHA384: ECDHE-RSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA256: ECDHE-RSA-AES256-SHA: ECDHE-RSA-AES128-SHA: AES256-GCM-SHA384: AES128-GCM-SHA256 AES256-SHA256: AES128-SHA256 AES256-SHA: AES128-SHA: |

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs (Basic System Security: Cipher Limitations)
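To confirm that a Cipher Management change actually took effect on an interface, the override rule can be resolved offline and compared with what the interface accepts. The following is an added example, not code from the Cisco guide: the function names and the single-cipher probe are assumptions, and `TABLE_20_CALLMANAGER` is the cipher cell copied from the table above.

```python
import socket
import ssl

# Cipher cell for Cisco CallManager (port 2443), copied verbatim from Table 20.
TABLE_20_CALLMANAGER = (
    "ECDHE-RSA-AES256-GCM-SHA384: ECDHE-RSA-AES128-GCM-SHA256: "
    "ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA256: ECDHE-RSA-AES256-SHA: "
    "ECDHE-RSA-AES128-SHA: AES256-GCM-SHA384: AES128-GCM-SHA256 AES256-SHA256: "
    "AES128-SHA256 AES256-SHA: AES128-SHA:"
)

def parse_ciphers(text):
    """Split a cipher string on colons and whitespace, keeping order."""
    return text.replace(":", " ").split()

def effective_ciphers(cipher_mgmt, interface_default):
    """Override rule: a non-empty Cipher Management string replaces the
    interface's own list; an empty one leaves the original list in force."""
    return parse_ciphers(cipher_mgmt) or parse_ciphers(interface_default)

def probe(host, port, cipher, timeout=5.0):
    """Offer exactly one TLS 1.2 cipher to an interface you administer.
    Returns True/False for handshake success, None if the local OpenSSL
    build cannot offer that cipher."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # checking cipher policy, not identity
    ctx.verify_mode = ssl.CERT_NONE
    # set_ciphers() does not control TLS 1.3 suites, so cap the version.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError:
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False

def audit(expected, accepted):
    """Compare the configured list with the ciphers the interface accepted."""
    exp, acc = set(expected), set(accepted)
    return {"unexpected": sorted(acc - exp), "missing": sorted(exp - acc)}
```

Build `accepted` by calling `probe()` for each name in `parse_ciphers(TABLE_20_CALLMANAGER)`; any entry under `unexpected` means the interface still accepts a cipher outside the Cipher Management list.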
