×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

7921G phone and encryption

Answered Question
Jan 20th, 2014
User Badges:

Hi all!



We have several 7921G phones which we want to integrate in our WiFi network.

Such WiFi is protected by using EAP-TLS, so we have installed the corresponding

certificates to one testing phone. We have discovered that the phone does not

support certificates with RSA keys with a size greater than than 2048 bits and,

at the same time, their signatures must be always generated by using the SHA1

hashing algorithm. This fact also appears in the related documentation of the

phone. As a consequence we have a problem since the root certificate of the CA

use a key of 4096 bits and the SHA256 algorithm. We have also updated the

firmware to the latest version without success regarding this. Anyone knows if

there is any plan to a firmware update to support keys with a greater size and

another hashing algorithms? Currently, SHA1 algorithm is considered as

deprecated and the security community recommends to use another hash algorithm,

as the same as occurs with the size of the keys.


Sergi

Correct Answer by migilles about 3 years 7 months ago

It is true that the 7921 is not sold any longer but is supported through Nov 2014.
So will offer software release for the 7921 until then.
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/p...

However, the 7921 and 7925/7926 will not support certs with 4096 bit keys or SHA-2 signatures.

Any future handsets will have 4096 bit key and SHA-2 support though.


Sent from Cisco Technical Support iPhone App

Correct Answer by Rasika Nayanajith about 3 years 7 months ago

Hi Sergi,


This 7921G already EoL product list, so do not expect any firmware update for it.

http://www.cisco.com/en/US/products/ps7071/


I do not think even any newer phones 7925G will support 4096 bit keys as well.7925G only support key length of 1024 or 2048. Refer this deployment guide for detail (page 97)

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf



HTH

Rasika


*** Pls rate all useful responses *****

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Rasika Nayanajith Mon, 01/20/2014 - 10:32
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi Sergi,


This 7921G already EoL product list, so do not expect any firmware update for it.

http://www.cisco.com/en/US/products/ps7071/


I do not think even any newer phones 7925G will support 4096 bit keys as well.7925G only support key length of 1024 or 2048. Refer this deployment guide for detail (page 97)

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf



HTH

Rasika


*** Pls rate all useful responses *****

Correct Answer
migilles Mon, 01/20/2014 - 13:33
User Badges:
  • Cisco Employee,

It is true that the 7921 is not sold any longer but is supported through Nov 2014.
So will offer software release for the 7921 until then.
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/p...

However, the 7921 and 7925/7926 will not support certs with 4096 bit keys or SHA-2 signatures.

Any future handsets will have 4096 bit key and SHA-2 support though.


Sent from Cisco Technical Support iPhone App

sergiwrk1 Mon, 01/20/2014 - 23:54
User Badges:

Thank you for your answers!


I do not know if this obeys some kind of hardware limitations, but it is strange that these features will not be supported as a firmware update :-(


Do you know when a similar handset with these features (i.e. keys with 4096 bits key and SHA-2 hashing algorithm) will be released?


Sergi


Actions

This Discussion

Related Content