Controllerless Networks

last person joined: 22 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Disable SSLv3 in Aruba Instant

This thread has been viewed 4 times

  • 1.  Disable SSLv3 in Aruba Instant

    Posted Oct 16, 2014 07:27 AM

    Hello!

    Since Aruba Instant was also affected by the latest SSL vurnability, I was trying to find out how to force it to only accept TLS as in Aruba OS.

    I was, however, unable to find any information regarding the command to use.

     

    Does anyone know?



  • 2.  RE: Disable SSLv3 in Aruba Instant
    Best Answer

    EMPLOYEE
    Posted Oct 16, 2014 07:33 AM

    It cannot currently be disabled in Instant.



  • 3.  RE: Disable SSLv3 in Aruba Instant

    Posted Oct 16, 2014 07:38 AM

    Thank you for the information!



  • 4.  RE: Disable SSLv3 in Aruba Instant

    EMPLOYEE
    Posted Oct 16, 2014 08:53 AM

    More info on this:

     

    All modern browsers support TLSv1 at a minimum, and most also support TLSv1.1 and TLSv1.2.

    We recommend disabling SSLv3 support in the browser.

    As long as one side of the connection refuses to support SSLv3, the attack will be unsuccessful.

     

     

    If you have a controller, executing the following command from the controller CLI will enable only TLSv1:

    (config) #web-server ssl-protocol tlsv1

     

    For our official response, see here:

     

    http://www.arubanetworks.com/support/alerts/aid-10142014.txt

     



  • 5.  RE: Disable SSLv3 in Aruba Instant

    Posted Oct 16, 2014 09:55 AM

    Hello!

    Yes, I´ve disabled it in my browsers a long time ago. But for those unfamiliar with the issues, I wanted to have some guarentees.

     

    Thanks for the information but I´ve already seen it and are familier with the proceedure to disable support for SSL v3 in ArubaOS.

     

    Thanks!

    /Mikael