[cisco-voip] UCCX and TLS versions
Damisch, Kevin
Kevin.Damisch at oneneck.com
Wed Aug 31 09:45:13 EDT 2016
Customer is running UCCX 10.6(1). We have some "HTTP Request" actions within a Finesse workflow that points to one of the customer's internal web servers. Looking at the packet capture taken from UCCX when this workflow runs, we can see UCCX sending the https request with a TLS 1.0 hello packet. The customer's web server then replies with a TLS handshake error because it only supports TLS 1.1 or higher. We also noticed the same thing occurring with a custom gadget in the Finesse desktop layout, which points to a web server handled by an F5 load balancer. The F5 rejects it with the same TLS handshake error.
Other than having the customer enable TLS 1.0 on their servers, what options do we have on the UCCX side? Does UCCX 11.x still send TLS 1.0 on http requests? I've had a TAC case open for a while and don't have an answer yet. Just to be clear, I'm aware of the forum posts out there about verifying the TLS version with IE and Firefox. That isn't what I'm talking about. I'm not talking about using a browser to get *to* UCCX. I'm talking about UCCX *sourcing* the https request, such as in a workflow action, destined for another web server. That is the direction where we are seeing UCCX send TLS 1.0 hello packets that we want and need to be TLS 1.1 or higher to satisfy the customer's security requirements.
Thanks!
Kevin Damisch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160831/09b46424/attachment.html>
More information about the cisco-voip
mailing list