Control Center accepts TLS1 after application of SMG patch 10.7.5-291
search cancel

Control Center accepts TLS1 after application of SMG patch 10.7.5-291


Article ID: 235858


Updated On:


Messaging Gateway


Messaging Gateway (SMG) patch 10.7.5-291 addresses an issue with the SMG Control Center accepting TLS1 connections when configured to only accept TLS1.1 or higher. Prior to patch 10.7.5-291, the Control Center ran with the default minimum TLS protocol level regardless of the TLS protocol level reported by the `cc-config status` command:

cc-config --status
Control center log level is WARN.
Compliance log retention is 30 days.
Port 443 is enabled.
Port 41080 is disabled.
Status of clientAuth is enabled.
set_tls_min_level is tls12

Testing the Control Center port shows lower TLS versions accepted before and after applying patch 10.7.5-291

openssl s_client -connect -tls1
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA



Release : 10.7.5

Component :


The Control Center web application is running based on the default configuration file even after patch 10.7.5-291 is applied.


This can be addressed by running the cc-config command to reset the minimum TLS level after applying patch 10.7.5-291

  1. Log into the SMG Control Center command line interface as "admin"
  2. Install patch 10.7.5-291 if it is not already installed
    patch -p 10.7.5-291 install
  3. Reset the minimum TLS version for the SMG Control Center web application
    cc-config set-min-tls-level --tls12


smg-cc [10.7.5-4]> show --version
Version:        Install Date:
10.7.5-4        Wed 29 Dec 2021 10:41:01 PM PST

SMG patch installation history:
     patch-10.7.5-290    2021-12-29 23:09
     patch-10.7.5-291    2022-02-28 14:31
smg-cc[10.7.5-4]> cc-config set-min-tls-level --tls12
Stopping controlcenter (via systemctl):                    [  OK  ]
Starting controlcenter (via systemctl):                    [  OK  ]