• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

How to Better Secure Your Cisco Expressway

How to Secure Cisco Expressways

Given the current pandemic situation, the remote work culture has become our new normal. Companies that previously considered Work from Home (WFH) a perk, offered only to certain individuals, have had to open it up to a wide range of employees. Aside from the obvious upsides, this poses a few security concerns as well. So, it is strongly recommended that companies keep up with regular security audits & follow accepted best practices. In this blog post, we’ll look at one such best practice and how to accomplish it.

Specifically, this applies to Cisco shops running VCS/Expressways at the collaboration edge. Best practice is to make sure you have upgraded your TLS Versions with highly secure Cipher suites.

Need help doing so? Don’t worry, you are in the right spot.

Starting with version X8.10, Expressway defaults to TLS Version 1.2 when establishing secure connections for the following services:

  • HTTPS
  • SIP
  • XMPP
  • UC server discovery
  • Reverse proxy

However, on upgrade, the previous behavior and defaults persist so you won’t be defaulted to TLS version 1.2. New installations will use the new defaults. So, for new installations you should check that all browsers and other equipment/applications that must connect to the Expressway supports TLS version 1.2.

Cipher Suites:

You can configure the cipher suite and minimum supported TLS version for each service on the Expressway. These services and cipher suites are shown in the table below. (The cipher strings are in OpenSSL format.)

For services where the Expressway can act as a client, for example HTTPS, the same minimum TLS version and Cipher suites will be negotiated.

Configuration:

  • Login to the Expressway(s) with admin credentials.
  • Go to Maintenance > Security > Ciphers.
  • Configure the minimum TLS versions & supported Cipher Suites (refer table above) as required.
  • Save & restart the Expressway(s) for the changes to take effect.
  • Note that these changes must be completed in both C & E expressways.
  • In a clustered environment, the changes can be completed only in the primary configuration node & it propagates to all the cluster nodes.

Here is a video reference: https://video.cisco.com/video/5858449075001.

If you need any help with the above steps, don’t hesitate to reach out to the Arraya team! We’ll be happy to share our insights and expertise. Do so by visiting: https://www.arrayasolutions.com//contact-us/!

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}