[c-nsp] ASR1000 IOS Version

Mack McBride mack.mcbride at viawest.com
Wed Feb 18 16:15:51 EST 2015


This is probably the correct action.
Disable the insecure protocol and force people to use command line until they upgrade.

Mack McBride | Network Architect | ViaWest, Inc.
O: 720.891.2502 | mack.mcbride at viawest.com | www.viawest.com | LinkedIn | Twitter | YouTube


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
Sent: Wednesday, February 18, 2015 9:25 AM
To: Lukas Tribus
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASR1000 IOS Version

Hi,

On Wed, Feb 18, 2015 at 04:59:44PM +0100, Lukas Tribus wrote:
> FYI:
> 15.3(3)S5/15.3(3)M5 broke SSL/TLS completely (all platforms).
>
> They tried to fix the poodle vuln in CSCur23656 by disabling SSLv3,
> but it appears they forgot they don't support TLS in the 15.3 branch,
> so there is now (in the fifth rebuild) no SSL/TLS protocol left to use ...

I'm so amazed at Cisco QA at times...

(And I'm so happy that I do not use anything that needs Cisco SSL)

gert
--
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message.



More information about the cisco-nsp mailing list