Cisco Support Community
New Member

LMS 3.1 - SSL 3.0

Hi,

Can SSL 3.0 be used with LMS 2.0?

Our local vulnerability scanner has identified a vulnerability with the use of SSL 2.0 presently used in our CiscoWorks application server.

Can SSL 3.0 be used, and if so, when/how is this available to remediate this vulnerability? Our platform is Solaris 2.10.

1 ACCEPTED SOLUTION

Cisco Employee

Re: LMS 3.1 - SSL 3.0

This is not possible. SSLv2 must remain enabled on the server for compatibility purposes. The next generation of LMS will disable this legacy encryption protocol.

7 REPLIES
Cisco Employee

Re: LMS 3.1 - SSL 3.0

SSL 3.0 and TLS 1.0 are enabled by default with LMS. Due to the need to support legacy components, we also offer SSLv2.

New Member

Re: LMS 3.1 - SSL 3.0

Hi jclarke,

Thanks for this instant support!

Please tell me where I can find which version of SSL is used and how we can alter the version according to our necessity.

-Thanks

Cisco Employee

Re: LMS 3.1 - SSL 3.0

All modern browsers will use either SSLv3 or TLSv1 by default. You can usually set this up in your browser's advanced or security preferences. For example, in Firefox, go to Advanced > Encryption. You'll see only SSLv3 and TLSv1 are available.

New Member

Re: LMS 3.1 - SSL 3.0

Hi jclarke,

Appreciate the information - however, one of the things that this relates to is preventing it from being used on the server, rather than just limiting it to the client to choose one or the other. Can we look at how to just limit it to SSL 3.0?

Cisco Employee

Re: LMS 3.1 - SSL 3.0

This is not possible. SSLv2 must remain enabled on the server for compatibility purposes. The next generation of LMS will disable this legacy encryption protocol.

New Member

Re: LMS 3.1 - SSL 3.0

Hi Jclarke,

Thanks for your time and responses.

Your answer gives it all, but as it is required by us from a security perspective, can we disable the LMS server from responding to SSL 2.0? If not, can a PER be filed for it?

Thanks.

Cisco Employee

Re: LMS 3.1 - SSL 3.0

No, this is not supported. Like I said, removing SSLv2 is already planned for a future release.
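
Since the thread turns on whether the server itself still answers SSLv2, here is one way to confirm a scanner finding like the one in the question. This is an added example, not part of the original thread and not Cisco code; the function names and verdict strings are this example's own, and `SAMPLE_HELLO` is a constructed reply.

```python
import socket
import struct

# SSL 2.0 cipher kinds (3 bytes each on the wire).
SSL2_CIPHERS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}
# Constructed SERVER-HELLO: 4-byte dummy certificate, two cipher kinds, 16-byte connection id.
SAMPLE_HELLO = (b"\x80\x25\x04\x00\x01" + struct.pack(">HHHH", 2, 4, 6, 16)
                + b"CERT" + b"\x01\x00\x80\x07\x00\xc0" + b"\x11" * 16)

def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO (message type 1) offering every SSLv2 cipher kind."""
    specs = b"".join(SSL2_CIPHERS)
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte header, high bit set

def classify_response(data):
    """Return (verdict, cipher names) for the bytes the server sent back."""
    if len(data) >= 13 and data[0] & 0x80 and data[2] == 4:  # SSLv2 SERVER-HELLO
        cert_len, spec_len = struct.unpack(">HH", data[7:11])
        specs = data[13 + cert_len:13 + cert_len + spec_len]
        names = [SSL2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
                 for i in range(0, len(specs), 3)]
        # A hello that lists no cipher kinds cannot complete an SSLv2 handshake.
        return ("sslv2-accepted" if names else "sslv2-no-ciphers"), names
    if not data or data[0] in (0x15, 0x16) or (len(data) >= 3 and data[0] & 0x80 and data[2] == 0):
        return "sslv2-rejected", []  # no reply, SSLv3/TLS record, or SSLv2 ERROR message
    return "unknown", []

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:  # read one whole SSLv2 record; its length is the low 15 header bits
            while len(data) < 2 or len(data) < 2 + (struct.unpack(">H", data[:2])[0] & 0x7FFF):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # reset or timeout: classify whatever arrived
    return classify_response(data)
```

A verdict of `sslv2-accepted` with a non-empty cipher list is what a scanner reports as SSLv2 support; rerun `probe` after an upgrade to confirm the protocol is gone.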
