Cisco Unity Connection Minimum TLS Version Support

1 Cisco Unity Connection Minimum TLS Version Support
EDCS JAN

2 Notice The information in this presentation is provided under Non-Disclosure agreement and should be treated as Cisco Confidential. Under no circumstances is this information to be shared further without the express consent of Cisco. Any roadmap item is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

3 Abbreviations
CLI – Command Line Interface
CUC – Cisco Unity Connection
TLS – Transport Layer Security

4 Agenda
Introduction
What’s New
Configuration
Demo
Troubleshooting Tips
References

5 Introduction

6 Introduction
Cisco Collaboration products use TLSv1.0 transport-layer encryption for signaling and client-server communication, and TLSv1.0 is no longer considered secure. Products are therefore required to support TLSv1.2 and to restrict TLS negotiation over less secure versions (e.g., TLSv1.0).
Example: If a browser limited to TLSv1.0 tries to connect to a server restricted to TLSv1.2, the browser will not be able to establish a connection with the server.

7 What's New
CUC already supports TLSv1.0, TLSv1.1 and TLSv1.2. However, there was no way to restrict TLS negotiations to a minimum TLS version.
From Release 12.0 onwards, the system administrator can configure a minimum TLS version with the admin CLI command:
admin: set tls min-version <tls minVersion>
Once the minimum TLS version is set, a negotiation succeeds only if the peer supports the configured TLS version or a higher version.
This applies to the inbound interfaces supported by CUC. For the list of all supported interfaces, refer to the “IP Communications Required by Cisco Unity Connection” chapter of the “Security Guide for Cisco Unity Connection Release 12.x”, available at Chapter

8 Configuration

9 Configuring Minimum TLS version
To configure the minimum TLS version, use the CLI command below:
admin: set tls min-version <tls minVersion>
where the value of ‘tls minVersion’ can be 1.0, 1.1 or 1.2.
Example: set tls min-version 1.1
Note: On a cluster, the above CLI command MUST be executed on both nodes explicitly.

10 Demo

11 Scenario 1: Connect Server (TLSv1.2) with any browser on TLSv1.2
Set the TLS version to “TLSv1.2” in CUC and reboot the system.
Check the TLS version with the CLI: admin: show tls min-version
Connect any browser (TLSv1.2) to the server.
Wireshark snapshot: the handshake is successful.

12 Scenario 2: Connect Server (TLSv1.1) with any browser on TLSv1.0
Set the TLS version to “TLSv1.1” in CUC and reboot the system.
Check the TLS version with the CLI: admin: show tls min-version
Connect any browser (TLSv1.0) to the server. Internet Explorer shows an error.
Wireshark snapshot: the handshake fails.
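
The two demo scenarios can also be checked without a browser or Wireshark by offering the server exactly one TLS version at a time. The Python sketch below is an added example, not part of the original presentation or of Cisco's tooling; the host name is a placeholder, and it assumes that ports 443, 8443, 8444, 7443 and 993 speak TLS directly (ports 143 and 25 are left out because they would need a protocol-specific STARTTLS step).

```python
import socket
import ssl

VERSIONS = {"1.0": ssl.TLSVersion.TLSv1, "1.1": ssl.TLSVersion.TLSv1_1,
            "1.2": ssl.TLSVersion.TLSv1_2}   # values the CLI accepts, lowest first
ORDER = list(VERSIONS)

def pinned_context(label):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # protocol probe only: the certificate
    ctx.verify_mode = ssl.CERT_NONE   # is deliberately not validated here
    # OpenSSL 3 refuses TLS 1.0/1.1 on the client side at its default security
    # level, which would look like a server rejection; level 0 avoids that.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = ctx.maximum_version = VERSIONS[label]
    return ctx

def probe(host, port, label, timeout=5.0):
    """Return 'accepted', 'rejected' or 'unreachable' for one TLS version."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"          # TCP failure says nothing about TLS policy
    try:
        with pinned_context(label).wrap_socket(raw, server_hostname=host):
            return "accepted"
    except OSError:                   # ssl.SSLError, reset or timeout in handshake
        return "rejected"
    finally:
        raw.close()

def audit(minimum, observed):
    """Compare probe outcomes for one port against the configured minimum."""
    findings = []
    for label in ORDER:
        allowed = ORDER.index(label) >= ORDER.index(minimum)
        outcome = observed.get(label, "unreachable")
        if outcome == "accepted" and not allowed:
            findings.append(f"TLSv{label} accepted below minimum {minimum}")
        elif outcome == "rejected" and allowed:
            findings.append(f"TLSv{label} rejected although minimum is {minimum}")
    return findings

if __name__ == "__main__":
    host, minimum = "cuc.example.com", "1.2"   # placeholders, not from the page
    for port in (443, 8443, 8444, 7443, 993):  # direct-TLS ports from the table
        observed = {v: probe(host, port, v) for v in ORDER}
        print(port, observed, audit(minimum, observed) or "OK")
```

Run it against each cluster node separately, since the minimum version is set per node; a version accepted below the minimum on one node points to a node where the CLI command or the reboot was missed.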

13 Troubleshooting Tips

14 Troubleshooting Annotated Logs
Problem Statement 1: A secure connection that was working earlier fails after the minimum TLS version is set.
Action Required: Check whether the peer supports a TLS version greater than or equal to the configured minimum TLS value. To verify the value on CUC, use the CLI command show tls min-version.
Annotated Logs Wiki: Annotated diagnostics for Minimum TLS Configuration

15 References
Security Guide For Cisco Unity Connection 12.0 (1): urity/b_12xcucsecx.html
CLI Reference Guide for Cisco Unified Communications Solutions: unified-communications-manager-callmanager/products-maintenance-guides-list.html

17 Supported Interfaces
Interface | Port | Remarks
Tomcat | 8443, 443, 8444 | Both client and administrative workstations connect to these ports. Supported browsers are Internet Explorer (IE), Mozilla, Chrome.
Jetty | 7443 | Notifications of changes to Unity Connection voice messages. Such interfaces are Single Inbox, Jabber.
IMAP | 143, 993 | IMAP clients such as Outlook make connection with Unity.
SMTP | 25 | SMTP clients such as Thunderbird make connection with Unity.
SIP | | Unity Connection SIP control traffic handled by conversation manager. Supported clients such as Call Manager.
LDAP | 636 | LDAP is an outbound interface that honors the TLS version changed at Unity Connection.

