Guest

Preview Tool

Cisco Bug: CSCvv66419 - Documentation Bug for "Client Signing Required" feature while configuring AD Realm

Last Modified

Sep 14, 2020

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases

11.8.0-453

Description (partial)

Symptom:
All user guide and also the online help for WSA incorrectly states :  enabling "Client Signing Required" under Network Security ensures Transport Layer Security when communicating with Active Directory Server

Exact content in WSA userguide and online help:

"Client Signing Required : 
Select this option if the Active Directory server is configured to require client signing.
With this option selected, AsyncOS uses Transport Layer Security when communicating with the Active Directory server."

This gives the impression that TLS is used to have secure communication with encryption.

SMB signing is a security mechanism in the SMB protocol and is also known as security signatures. SMB signing is designed to help improve the security of the SMB protocol.

It does not encrypt the entire communication rather  places a digital signature into each server message block, which is used by both SMB clients and servers to prevent  "man-in-the-middle" attacks and guarantee that SMB communications are not altered. SMB signing can be either "enabled" or "required" on SMB for both client-side and server-side communications.

Conditions:
All user guide and also the online help for WSA incorrectly states :  enabling "Client Signing Required" under Network Security ensures Transport Layer Security when communicating with Active Directory Server
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.