When running the `cc-config --status` command from the Messaging Gateway 10.7.5 command line interface, the minimum TLS level for connections to the SMG Control Center web application is reported as tls12 regardless of the actual minimum TLS setting.
smg-cc [10.7.5-4]> cc-config --status
Control center log level is WARN.
Compliance log retention is 30 days.
Port 443 is enabled.
Port 41080 is disabled.
Status of clientAuth is disabled.
set_tls_min_level is tls12
$ openssl s_client -connect smg:443 -tls1
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 6222B753929423ED09EE26B32840D33ABD7DC521CFAA4A4955245213D76D55B1
Release : 10.7.5
Component :
This is a display error in the cc-config command and will be addressed in a future release.
This issue will be addressed in a future release. If you are concerned regarding the minimum TLS level currently set for the SMG Control Center web application you can manually set it via the following command:
Example
smg-cc [10.7.5-4]> show --version
Version: Install Date:
10.7.5-4 Wed 02 Mar 2022 11:29:26 PM PST
SMG patch installation history:
patch-10.7.5-291 2022-03-04 17:22
smg-cc [10.7.5-4]> cc-config set-min-tls-level --tls12
Stopping controlcenter (via systemctl): [ OK ]
Starting controlcenter (via systemctl): [ OK ]
$ openssl s_client -connect smg:443 -tls1
CONNECTED(00000005)
140515140755904:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
...
SSL-Session:
Protocol : TLSv1
Cipher : 0000
$ openssl s_client -connect smg:443 -tls1_2
CONNECTED(00000005)
...
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 6222BD7B8C4D2AA4D22DE8562451B228F5CF8677824997D7740B7A7D2B0C16A4
Session-ID-ctx:
Master-Key: 66F5CED4C11BE30E89832468BFE1EFAB676D0A5521EAA964BB2C911CAAFA22056DF6FCDF5114369167637385254958EB