/mcpSet Minimum TLS Version By default, Unified Communications Manager supports a minimum TLS version of 1.0. Use this procedure to reset the minimum supported TLS version for Unified Communications Manager and the IM and Presence Service to a higher version, such as 1.1 or 1.2. Make sure that the devices and applications in your network support the TLS version that you want to configure. For details, see TLS Prerequisites, on page 195. Procedure Step 1 Log in to the Command Line Interface. Step 2 To confirm the existing TLS version, run the show tls min-version CLI command. Step 3 Run the set tls min-version <minimum> CLI command where <minimum> represents the TLS version. For example, run set tls min-version 1.2 to set the minimum TLS version to 1.2. Note Until Release 15SU1, perform Step 3 on all Unified Communications Manager and IM and Presence Service Service cluster nodes. Set TLS Ciphers You can disable the weaker cipher, by choosing available strongest ciphers for the SIP interface. Use this procedure to configure the ciphers that Unified Communications Manager supports for establishing TLS connections. Procedure Step 1 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 2 In Security Parameters, configure a value for the TLS Ciphers enterprise parameter. For help on the available options, refer to the enterprise parameter online help. Step 3 Click Save. Note All TLS Ciphers will be negotiated based on client cipher preference Configure TLS in a SIP Trunk Security Profile Use this procedure to assign TLS connections to a SIP Trunk Security Profile. Trunks that use this profile use TLS for signaling. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 197 Basic System Security Set Minimum TLS Version