Cisco Bug: CSCvv24045 - ENH: Disable TLS 1.1 permanently for sftunnel communication

Last Modified

Sep 15, 2020

Products (1)

  • Sourcefire Defense Center

Known Affected Releases

6.4.0, 6.4.0.7

Description (partial)

Symptom:
If an FMC running a newer version (e.g., 6.4) has one or more devices running an older FTD version (e.g., 6.1) in the pending registration state, the FMC will still negotiate TLS 1.1. This keeps the FMC backward compatible with sensors that support only up to TLS 1.1.
Using a weak protocol version such as TLS 1.1 poses a significant security risk, so TLS 1.1 should be disabled.

Conditions:
Sftunnel uses TLS 1.1 for registration/communication.