McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 221

↗ View in doc context
page
221
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::221

Restriction Feature TLS 1.2 connections to older versions of Unified Communications Manager that do not support the higher TLS version do not work. For example, a TLS 1.2 SIP trunk connection to Unified Communications Manager Release 9.x does not work because that release does not support TLS 1.2. You can use one of the following workarounds: • Workaround to enable connections: Use nonsecure trunks, although this is not a recommended option. • Workaround to enable connections while using TLS 1.2: Upgrade the non-supported version to a release that does support TLS 1.2. Connections to non-supported versions of Cisco Unified CommunicationsManager CTL client does not support TLS 1.2. You can use one of the following workarounds: • Temporarily allow TLS 1.0 when using the CTL client and then move the Cluster to Common Criteria mode. Configure Minimum TLS to 1.1 or 1.2 • Migrate to the Tokenless CTL by using the CLI Command utils ctl set-cluster mixed-mode in Common Criteria mode. Configure Minimum TLS to 1.1 or 1.2 Certificate Trust List (CTL) Client There is no workaround. Address Book Synchronizer Cisco Unified Communications Manager Ports Affected by Transport Layer Security Version 1.2 The following table lists the Unified Communications Manager Ports Affected By TLS Version 1.2: Table 35: Cisco Unified Communications Manager Ports Applicable for Transport Layer Security Version 1.2 Cisco Unified Communications Manager Operating in Common Criteria Mode Cisco Unified Communications Manager Operating in Normal mode Destination / Listener Protocol Application Minimum TLS version1.2 Minimum TLS version1.1 Minimum TLS version1.0 Minimum TLS version1.2 Minimum TLS version1.1 Minimum TLS version1.0 TLS 1.2 TLS 1.1, TLS 1.2 TLS 1.1 TLS 1.2 TLS 1.1, TLS v1.2 TLS 1.0, TLS 1.1, TLS 1.2 443 HTTPS Tomcat TLS 1.2 TLS 1.1, TLS 1.2 TLS 1.1 TLS 1.2 TLS 1.1, TLS 1.2 TLS 1.0, TLS 1.1, TLS 1.2 2443 Signalling Connection Control Part (SCCP) SCCP - SEC - SIG Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 203 Basic System Security TLS Restrictions