12-08-2015 07:59 AM
New to the Community - first post!
I inherited an Aruba Instant environment, IAP 105s, and a Virtual Controller runing firmware 18.104.22.168-22.214.171.124_50989 (using the internal db for users, no RADIUS server).
A problem arose with recently-updated Android 6.0 devices - apparnetly 6.0 uses TLS v1.2, and the current Controller firmware uses a previous version, meaning that none of our Android 6.0 devices can authenticate. They just hang and eventually fail (See Info regarding TLS version as root of authentication problem - begins with post #29: https://code.google.com/p/android/issues/detail?id
According to Aruba Support, Firmware 126.96.36.199 will resolve the problem, but the rep I spoke said that it was in an "internal-only" release and wasn't yet available to the public. Anyone familiar with Aruba's release schedule and when 188.8.131.52 might be available to the public?
Aslo, my current Controller does see an available update, but for v 184.108.40.206-220.127.116.11_51810; when v 18.104.22.168 becomes available, will my Controller offer this update instead? Or do I need to install v 22.214.171.124-126.96.36.199_51810 first in order to get to 188.8.131.52?
Appreciate any and all thoughts/suggestions!
12-08-2015 08:02 AM - edited 12-08-2015 08:02 AM
6.4.3.x is available as ED on the support site. The Instant firmware check will only check for GA code. If you want to use ED code, you have to download it and upload to the VC.
12-08-2015 08:45 AM
How...risky is the ED code? I've finally gotten my environment running fairly smoothly, but for this Andorid 6 problem. I don't want to take the risk of introducing other problems for most users just to try to resolve something that is only affecting a small pocket of users.
I'm OK waiting till 184.108.40.206 is in general release, but if I can fix it now (without undue risk), so much the better.
12-08-2015 08:47 AM
12-09-2015 04:31 AM
Remember that this also affects Windows 10 now as of the 1511 release:
Incidentally, that article is inaccurate for CPPM, as it currently states that only 6.5.1 is affected.
It should state:
6.5.1 for all TLS based methods, 6.5.1 - 6.5.3 for TTLS
12-09-2015 06:54 AM
Windows 7, 8 and 8.1 will do TLS 1.2 for EAP with a registry change after Windows Updates have been applied, it just will not use it by default for the moment. I suspect that may well change in the not too distant future. We all definitely need to ensure that RADIUS servers are patched therefore.