Introduction So, for the past twelve days I've been away from work on summer vacation. Upon my return, our newly implemented cisco...
Introduction
So, for the past twelve days I've been away from work on summer vacation. Upon my return, our newly implemented cisco system (version 10.5.6) naturally needs some reconfiguration.
For anyone who is familiar with the UCCX admin web page, they know that it must be opened using Firefox. Seemingly, anything other than Firefox is unable to open up the menu buttons correctly, rendering the web interface useless in all other browsers. Before I left, I was able to configure everything without issue but today I was greeted with an error code: "The authenticity of the received data could not be verified", despite the fact that I have a rule specifically allowing the cert for this site in my browser. This morning I was collaborating with a very bright Eplus representative, who was not yet aware of this issue and was also a tad stumped at first. After studying the situation for a bit, I figured that the easiest and most effective way would be to disable SSL encryption altogether. If Firefox wasn't going to cooperate, I'd have to make it! ...Several hours later, it turned out that I had unveiled a bug with Firefox's latest version and UCCX, hours before any of the specialists at Eplus had even been notified. And their suggested solution is identical to my own! Below is the message sent out the tech support reps at Eplus:
"Latest Upgrade of Firefox v.39 includes Logjam security fix that breaks Web pages for Cisco US without 3rd Party signed Certs.
If you use Firefox to access UC and upgraded to v. 39 read on.
We see it with some legacy 8.x and 9.x customers. UC 10.5 have 3rd party Certs.
It is likely that all other browsers are going to implement same fix.
Workaround is to disable this check for access to UC, but then you are vulnerable to Logjam so enable it back when done."
Steps (5 total)
In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
In the search box above the list, type or paste ssl3 and pause while the list is filtered
Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
This is the error you see when you can not access page...
No comments
Post a Comment