Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

7921G phone and cryptography

Hi all!

We have several 7921G phones which we want to integrate in our WiFi network. Such WiFi is protected by using EAP-TLS, so we have installed the corresponding certificates to one testing phone. We have discovered that the phone does not support certificates with RSA keys with a size greater than than 2048 bits and, at the same time, their signatures must be always generated by using the SHA1 hashing algorithm. This fact also appears in the related documentation of the phone. As a consequence we have a problem since the root certificate of the CA use a key of 4096 bits and the SHA256 algorithm. We have also updated the firmware to the latest version without success regarding this. Anyone knows if there is any plan to a firmware update to support keys with a greater size and another hashing algorithms? Currently, SHA1 algorithm is considered as deprecated and the security community recommends to use another hash algorithm, as the same as occurs with the size of the keys.

Sergi

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

7921G phone and cryptography

1 REPLY
VIP Purple

7921G phone and cryptography

578
Views
0
Helpful
1
Replies
CreatePlease to create content