
Page 225

source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::225

# Chapter 17: TLS 1.3 Setup (From Release 15SU2 Onwards)

- TLS 1.3 Overview, on page 207
- Install and Upgrade Considerations, on page 208
- TLS 1.3 Interactions, on page 209
- TLS 1.3 Configuration, on page 209
- TLS 1.3 Restrictions, on page 211
- Ports Affected by Transport Layer Security Version 1.3, on page 212

## TLS 1.3 Overview

### Introduction to TLS 1.3

TLS 1.3, as defined in RFC 8446, is the latest version of the Transport Layer Security (TLS) protocol. It improves upon its predecessors, particularly TLS 1.2, by addressing security vulnerabilities, enhancing performance, and streamlining the handshake process.

One of the key improvements in TLS 1.3 is reduced handshake latency, which significantly improves the performance of time-sensitive applications. TLS 1.3 also reduces round-trip times (RTT) by further optimizing connection establishment. In addition, TLS 1.3 has dropped support for older and less secure cryptographic algorithms.

### Key Benefits and Security Improvements

- Reduced Handshake Latency—TLS 1.3 minimizes the number of round trips during the handshake, which improves performance, especially for latency-sensitive applications.
- Enhanced Security—TLS 1.3 mandates the use of modern cryptographic algorithms. These include Elliptic Curve Diffie-Hellman (ECDH) for key exchange and Authenticated Encryption with Associated Data (AEAD) for data encryption and integrity protection, which strengthens security against a range of attacks.
- Perfect Forward Secrecy (PFS)—By default, TLS 1.3 ensures that past communications remain secure even if long-term keys are later compromised, improving privacy and security.
- Encrypted Handshake Messages—TLS 1.3 encrypts handshake messages, which prevents passive eavesdropping on the handshake and preserves confidentiality.
- Support for Stronger Algorithms—TLS 1.3 removes support for outdated cryptographic algorithms and cipher suites, reducing the risk of downgrade attacks and other cryptographic weaknesses.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 207
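The overview above lists what TLS 1.3 changes (version negotiation, mandatory ECDHE with forward secrecy, AEAD-only cipher suites, removal of legacy suites) without showing how those changes look on the wire. The example below is added here and is not code from the Cisco guide or from Cisco; it goes slightly beyond the text by building a minimal ClientHello record inline (constructed test input, not a captured packet), parsing it, and reporting whether TLS 1.3 is offered via the `supported_versions` extension and which offered cipher suites are legacy or lack forward secrecy. The function names `build_client_hello`, `parse_client_hello` and `assess` are this example's own; the cipher suite and extension code points are the values assigned in RFC 8446 and the TLS registries.

```python
"""Parse a TLS ClientHello and report the TLS 1.3 facts the overview describes.

Added example, not Cisco's code. The ClientHello bytes are constructed inline
with build_client_hello(); nothing on the network is touched.
"""
import struct

# Version codes as they appear on the wire (RFC 8446, section 4.2.1).
TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43  # TLS 1.3 is negotiated here, not in legacy_version

# TLS 1.3 suites name only an AEAD and a hash: key exchange is always (EC)DHE.
TLS13_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
# Two TLS 1.2 suites for contrast; the static-RSA one gives no forward secrecy.
LEGACY_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}


def build_client_hello(cipher_suites, offered_versions):
    """Return one TLS record carrying a minimal ClientHello (constructed input)."""
    random = bytes(range(32))                      # fixed bytes, not a real nonce
    body = struct.pack("!H", TLS12) + random       # legacy_version is pinned to 1.2
    body += b"\x00"                                # empty legacy_session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                            # legacy_compression_methods: null
    versions = b"".join(struct.pack("!H", v) for v in offered_versions)
    ext_data = bytes([len(versions)]) + versions   # supported_versions payload
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    # Record header: content type 22 (handshake), legacy_record_version 0x0301.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract legacy_version, cipher suites and supported_versions from a record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    (legacy_version,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    pos += 32                                      # skip random
    pos += 1 + body[pos]                           # skip legacy_session_id
    (suites_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0]
              for i in range(0, suites_len, 2)]
    pos += suites_len
    pos += 1 + body[pos]                           # skip compression methods
    (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    end, offered = pos + ext_len, []
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype == EXT_SUPPORTED_VERSIONS:
            # One-byte list length, then two-byte versions in preference order.
            offered = [struct.unpack("!H", data[1 + i:3 + i])[0]
                       for i in range(0, data[0], 2)]
    return {"legacy_version": legacy_version, "cipher_suites": suites,
            "supported_versions": offered}


def assess(parsed):
    """Summarize the offer the way a defender reviewing a capture would."""
    names = [TLS13_SUITES.get(s) or LEGACY_SUITES.get(s, f"unknown(0x{s:04x})")
             for s in parsed["cipher_suites"]]
    return {
        "offers_tls13": TLS13 in parsed["supported_versions"],
        "legacy_suites": [n for n in names if n not in TLS13_SUITES.values()],
        # Static RSA key transport: a leaked server key decrypts recorded sessions.
        "no_pfs_suites": [n for n in names if n.startswith("TLS_RSA_")],
    }


if __name__ == "__main__":
    hello = build_client_hello([0x1302, 0x1301, 0xC02F], [TLS13, TLS12])
    parsed = parse_client_hello(hello)
    print(parsed)
    print(assess(parsed))
```

Two details worth noticing in the output: `legacy_version` stays 0x0303 even when TLS 1.3 is offered, because TLS 1.3 moved version negotiation into the `supported_versions` extension so that version-intolerant middleboxes do not break the handshake; and the TLS 1.3 suites carry no key-exchange or signature name, since ECDHE is the only key exchange the protocol allows, which is why forward secrecy is a default rather than a cipher suite choice. A static-RSA suite such as `TLS_RSA_WITH_AES_128_CBC_SHA` is the kind of offer the "Support for Stronger Algorithms" bullet refers to; it cannot be negotiated once a peer is restricted to TLS 1.3.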