02-08-2017 11:58 AM
I have a cluster of appliances running 6.6.3.
In the Cluster-Wide Parameters i have setup 'Disable TLSv1.0 Support' to all.
When i do an nmap ssl-enum-ciphers scan against the publisher i see that TLS 1.0 is gone, however when scanning any subscriber, it still contains TLS1.0.
Am i missing something? I thought the cluster-wide option should apply to all servers? I am working with TAC but thought I could check here to see if others see the same thing
to scan your server use namp:
# nmap -sV --script ssl-enum-ciphers -p 443 <host>
I see the same thing in my lab.
ACDX, ACCP, CISSP, CWNA
02-13-2017 12:33 AM
I just tried the same and see similar behavior in my lab. Disabling TLS1.0 is effective on the publisher (I tried just for Admin instead of 'All'), not on subscribers. Tested on ClearPass 6.6.3.
Please drop me a personal message with your contact details and the case number if you find TAC has issues in replicating or filing an engineering request.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.