Today’s post will be quick and dirty but hopefully useful.

In Cisco Call Manager (CUCM) version 11.5(1)SU3, support was introduced for Transport Layer Security (TLS) versions 1.1 and 1.2. Prior to this release, 1.0 was the only supported version. With security being the driving factor in much of the IT world these days, there is a push to secure everything to the highest available level, and that includes the Collaboration environment. I have many customers that want to take advantage of the higher TLS version levels and that is a good thing, but there are gotchas.

If you know anything about Cisco IP phone communications, you know that several services, specifically the Corporate and Personal directory services, are pre-configured applets that run between the phone and CUCM. In the case of the directory service(s), they talk using 8443, which is a secure port and thus uses a certificate to communicate (along with the Trust Verification Service (TVS)). That certificate is directly encrypted with the help of TLS.

Because support for the newer/higher TLS versions has only recently come into play, there are several generations of IP phones that do not support anything above TLS 1.0 (or 1.1 in some cases). This list of legacy endpoints includes the 7900 series and Cisco’s previous “Cadillac”, the 9900 series, as well as others. If you have legacy endpoints and change your TLS version to something above 1.0, you will notice that the directory services on those endpoints will fail with a “Host not found” error.