Cisco Cisco TelePresence MCU 4510 Release Notes
New features in 4.4
Cisco TelePresence MCU 4.4 (3.42) Release Notes
Page 2 of 24
New features in 4.4
Version 4.4 introduces a number of new security measures such as better password management, mutual
authentication, certificate-based login, and optional Online Certificate Status Protocol (OCSP) validation of
client certificates for HTTPS connections.
authentication, certificate-based login, and optional Online Certificate Status Protocol (OCSP) validation of
client certificates for HTTPS connections.
Several new features have been added to extend the conference experience, including call persistence,
video to use by default, audio suppression during DTMF, adaptive gain control (AGC) on join, and initial
muting of outgoing audio and video.
video to use by default, audio suppression during DTMF, adaptive gain control (AGC) on join, and initial
muting of outgoing audio and video.
This version also introduces Quality of Service (QOS) tagging for all the different types of traffic originating
from the MCU. The user interface has improved user cautions and features configurable headers and footers
on the user interface pages.
from the MCU. The user interface has improved user cautions and features configurable headers and footers
on the user interface pages.
The user interface and API have been updated as required to support these new features.
Security features
64 character User IDs
The MCU can now accept and store usernames that are 64 Unicode characters long. This applies anywhere
that the MCU can accept a username, that is, from the web interface, an API call, FTP or serial console
login, or a client certificate (common name).
that the MCU can accept a username, that is, from the web interface, an API call, FTP or serial console
login, or a client certificate (common name).
Tighter password security
The MCU never stores passwords in plain text. They are always hashed using the SHA-2 algorithm before
they are stored, even if an unhashed password is provided in a config file.
they are stored, even if an unhashed password is provided in a config file.
Changing passwords is also more secure now, irrespective of whether or not advanced security mode is
enabled. When a user password changes, all session cookies associated with that username will
immediately expire. Any users that are logged in when their passwords change will be logged out and may
only log in with the new password.
enabled. When a user password changes, all session cookies associated with that username will
immediately expire. Any users that are logged in when their passwords change will be logged out and may
only log in with the new password.
Mutual authentication
The MCU can now perform mutual TLS authentication, which enables better security on a range of MCU
interfaces.
interfaces.
The MCU now has a second trust store to provide for the different authentication requirements of this
version. The original trust store authenticates the MCU's incoming and outgoing SIP calls (as in previous
MCU versions), while the new trust store authenticates client and server certificates during web access, API
calls, feedback receiver messages, and OCSP requests.
version. The original trust store authenticates the MCU's incoming and outgoing SIP calls (as in previous
MCU versions), while the new trust store authenticates client and server certificates during web access, API
calls, feedback receiver messages, and OCSP requests.
Whether mutual authentication occurs for these connections depends on the settings on the
Network
> SSL certificates
page. The configuration options and accompanying certificate requirements are explained
.
OCSP checks of client certificates
The MCU can now use OCSP to check client certificate revocation status (for HTTPS connections) against
a pre-configured OCSP server. If the OCSP server responds that the certificate is 'good', the MCU allows
the client to authenticate with the certificate. In all other cases, the MCU will reject the certificate and prevent
authentication.
a pre-configured OCSP server. If the OCSP server responds that the certificate is 'good', the MCU allows
the client to authenticate with the certificate. In all other cases, the MCU will reject the certificate and prevent
authentication.