Disable TLS and SSL on CVP tomcat

Hi Folks,

We have CVP 10.0.1 and, as per PCI compliance, we have to disable all the SSL versions and TLS 1.0 and 1.1 on the Tomcat server.

As per the CVP compatibility guide, it supports TLS v. 1.x; therefore I need to know whether disabling TLS 1.0 and 1.2 will have any impact on operation.

Also, we have to disable it on the UCCE servers as well; however, the Tomcat server config on the UCCE machine doesn't contain any config related to ciphers. In this case, if I copy the CVP Tomcat server cipher config and put it in the UCCE Tomcat, will it work?

Thanks

Accepted Solutions

Re: Disable TLS and SSL on CVP tomcat


however with CUIC could you clarify if you are talking about CUIC connection with AW DB


I am. Try it and you will see. Go into the registry and disable the TLS providers for 1.0 and 1.1 and reboot the AW. I am going from memory here, but I am pretty sure CUIC will not bind to the AW-HDS under those conditions.

At a recent customer, who was in the Financial sector, they disabled TLS 1.0 and TLS 1.1 with Chef (server management software - you can Google it) and things broke, and we had to request exceptions to the general "recipes" used.

 

Regards,
Geoff
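
Before trying the registry change described above, it helps to record what SCHANNEL is currently configured to do on the AW. The following read-only PowerShell audit is an added example, not part of the original post or any Cisco tooling; it reads the standard Windows SCHANNEL `Protocols` registry location, and the output file name `schannel-before.csv` is an assumption.

```powershell
# Added example: read-only audit of SCHANNEL protocol settings (changes nothing).
# Run in an elevated PowerShell session on the Windows server being assessed.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'

function Get-SchannelState {
    param([string]$Protocol, [string]$Role)

    $path = Join-Path (Join-Path $base $Protocol) $Role
    $enabled = $null
    $disabledByDefault = $null

    if (Test-Path -LiteralPath $path) {
        $props = Get-ItemProperty -LiteralPath $path
        # A value that was never set is simply absent from the key.
        if ($props.PSObject.Properties['Enabled']) { $enabled = $props.Enabled }
        if ($props.PSObject.Properties['DisabledByDefault']) { $disabledByDefault = $props.DisabledByDefault }
    }

    # Enabled = 0 is an explicit disable. A missing value means the OS default
    # applies, and that default differs between Windows Server releases.
    if ($null -eq $enabled) { $state = 'OS default (not configured)' }
    elseif ($enabled -eq 0) { $state = 'Explicitly disabled' }
    else { $state = 'Explicitly enabled' }

    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
        State             = $state
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) { Get-SchannelState -Protocol $p -Role $r }
}

$report | Format-Table -AutoSize

# Keep a copy of the pre-change state so a UAT test can be rolled back exactly.
# The file name is an assumption for this example.
$report | Export-Csv -Path .\schannel-before.csv -NoTypeInformation
```

Both the `Server` and `Client` subkeys are listed because a machine can accept inbound connections under one and make outbound connections under the other.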

 

4 REPLIES

Re: Disable TLS and SSL on CVP tomcat

You are on an old version of UCCE that still requires TLS 1.0. If you turn it off, a couple of things will break: Internet Script Editor and the CUIC connection to the databases, for sure.

I know you are getting pressured by your PCI Compliance team, but expect problems if you disable it.

UCCE and CVP 11.6 is completely free of TLS 1.0 and TLS 1.1 requirements. Best thing is to get there. 

Regards,
Geoff

Re: Disable TLS and SSL on CVP tomcat

Hi Geoff,

Good to see you :). About ISE, we are not using it; however, with CUIC, could you clarify if you are talking about the CUIC connection with the AW DB or the CVP reporting server DB?

 

Thank you

 

Re: Disable TLS and SSL on CVP tomcat

Sorry for the delayed response, Geoff. I have disabled RC4 and the SSL version on Tomcat for the UAT environment. For TLS I am also going to request an exception. Once the customer confirms that things are working fine, I will apply it on the production Tomcat.

Thanks for your support, as usual.