Cisco Bug: CSCvv80449 - ESA: TLS implementation should remove 1blu.de and mail.ru from the list of valid SLDs

Last Modified

Sep 24, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

13.5.1-273

Description (partial)

Symptom:
With TLS verify enabled, verification errors occur for domains that use a certificate with *.1blu.de or *.mail.ru as a CN/DNS attribute. The tlsverify logs look similar to the following:
Verifying certificate common name *.1blu.de.
Ignored *.1blu.de: top-level domain contains wildcard

This is because, by default, we do not verify CN/DNS attributes that are a wildcard plus a TLD/SLD (for example, *.com). However, 1blu.de and mail.ru are not TLDs/SLDs and need to be removed from the appliance list.

Conditions:
The TLS setting is TLS verify, and delivery is attempted to a domain whose certificate has *.1blu.de as a CN/DNS attribute.
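The check described under Symptom can be reproduced with a small model. This is an added example, not Cisco's code: the suffix list, function names and hostnames are constructed, and the reason string is modelled on the log line quoted above.

```python
# Constructed suffix list for illustration; not the appliance's real list.
REAL_SUFFIXES = {"com", "de", "ru", "co.uk", "com.au"}
# The entries this bug asks to remove: registrable domains, not TLDs/SLDs.
MISLISTED = {"1blu.de", "mail.ru"}


def check_pattern(pattern, suffixes):
    """Return (usable, reason) for a certificate CN/DNS pattern."""
    name = pattern.lower().rstrip(".")
    if "*" not in name:
        return True, "no wildcard"
    if not name.startswith("*.") or "*" in name[2:]:
        return False, f"Ignored {pattern}: wildcard must be the whole leftmost label"
    base = name[2:]
    # A wildcard directly under a suffix (or a bare TLD) would cover
    # unrelated organisations, so the pattern is discarded.
    if "." not in base or base in suffixes:
        return False, f"Ignored {pattern}: top-level domain contains wildcard"
    return True, "wildcard accepted"


def matches(pattern, hostname, suffixes):
    """True if hostname is covered by pattern under the given suffix list."""
    usable, _ = check_pattern(pattern, suffixes)
    if not usable:
        return False
    pat = pattern.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if not pat.startswith("*."):
        return pat == host
    # The wildcard stands for exactly one leftmost label.
    label, _, parent = host.partition(".")
    return bool(label) and parent == pat[2:]


if __name__ == "__main__":
    buggy = REAL_SUFFIXES | MISLISTED
    cases = (("*.1blu.de", "mx.1blu.de"), ("*.mail.ru", "mx.mail.ru"),
             ("*.com", "example.com"))  # constructed hostnames
    for label, suffixes in (("buggy", buggy), ("corrected", REAL_SUFFIXES)):
        for pat, host in cases:
            print(label, pat, host, matches(pat, host, suffixes),
                  check_pattern(pat, suffixes)[1])
```

With the mislisted entries present, a valid certificate for *.1blu.de is discarded and delivery under TLS verify fails; with them removed, *.com is still rejected while the two domains verify.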