[c-nsp] ASR1000 IOS Version

Lukas Tribus luky-37 at hotmail.com
Wed Feb 18 10:59:44 EST 2015


>>> 15.3(3)S4, which is 3.10(4)S. It seems solid.
>>
>> as a side note, now that CSCuo76464 (SSH doesn't work with openssh>= 6.4)
>> and CSCuo31527 (multicast occasionally stops working completely, causing
>> vrrp/ospf to die horribly) have been fixed, 15.3(3)S4 is looking really
>> nice on the ME3600 platform too.


FYI:
15.3(3)S5/15.3(3)M5 broke SSL/TLS completely (all platforms).

They tried to fix the poodle vuln in CSCur23656 by disabling SSLv3, but
it appears they forgot they don't support TLS in the 15.3 branch, so there
is now (in the fifth rebuild) no SSL/TLS protocol left to use ...

TLSv1.0 was only introduced in 15.4. This "fix" is probably pending for
15.2 and 15.1 branches as-well.


This affects all SSL related features, like SSLVPN, HTTPS client and
server, etc. So if you need SSL features, better stick to the fourth rebuild
in the 15.3(3) branches (or upgrade to 15.4 for TLS).



Lukas

 		 	   		  


More information about the cisco-nsp mailing list