The Tops of our company came to us this morning and where all panic like:
Does anybody know if and what WLC Versions are a problem?
Thanks alot for your help!
yeah, ALL cisco products for that matter - but at the moment I´m just responsible for the WLC´s :D (As they have "external" access because of the Guest users..)
It would be good to know the breakdown of which products, if any are exposed. We are looking specifically for Ironport Email Security Appliances and the email encryption appliance IEA devices.
Hey, So according to the Cisco Security Advisory the WLC is listed as non vulnerable - So the WLC HTTPs WebGUI cert does not internally use OpenSSL or at least a vulnerable version.
What about those who are using a Captive Portal for Guest Wireless?
Many people use OpenSSL to convert 3rd Party certificates for the Portal as per the Cisco guides?
I have the answer to my question:
Please refer to the following link which mentioned that we can’t use any other versions than openssl 0.9.8, since the controller will not accept the certificate, please check the following links which mentioned that:
That's no longer the case. OpenSSL 1.0 is supported from WLC 7.5.102 onwards.
This means if you have 7.6.X or above you should be OK to use OpenSSL 1.0 . I successfully used 1.0.1g on a very up to date Gentoo Linux box only a week ago to convert, chain and upload a new wildcard certificate to my WLC.
See: https://tools.cisco.com/bugsearch/bug/CSCti65315 for further information about this bug.