Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Disable TLSv1.0 not working on Subscribers?

This thread has been viewed 0 times

  • 1.  Disable TLSv1.0 not working on Subscribers?

    Posted Feb 08, 2017 02:59 PM

    Hi Everyone,

     

    I have a cluster of appliances running 6.6.3.

     

    In the Cluster-Wide Parameters i have setup 'Disable TLSv1.0 Support' to all.

     

    When i do an nmap ssl-enum-ciphers scan against the publisher i see that TLS 1.0 is gone, however when scanning any subscriber, it still contains TLS1.0.

     

    Am i missing something? I thought the cluster-wide option should apply to all servers? I am working with TAC but thought I could check here to see if others see the same thing

     

    to scan your server use namp:

     

    # nmap -sV --script ssl-enum-ciphers -p 443 <host>

     

    I see the same thing in my lab.

     

    _ELiasz

     

     



  • 2.  RE: Disable TLSv1.0 not working on Subscribers?

    EMPLOYEE
    Posted Feb 13, 2017 03:34 AM

    Eliasz,

     

    I just tried the same and see similar behavior in my lab. Disabling TLS1.0 is effective on the publisher (I tried just for Admin instead of 'All'), not on subscribers. Tested on ClearPass 6.6.3.

    Please drop me a personal message with your contact details and the case number if you find TAC has issues in replicating or filing an engineering request.

    Herman