Security

HI.

I need to support TLS version 2.2.

Can you indicate to me wich version of aruba AOS support TLS 2.2?

Thanks in advance.

Regards

Andrea

I'm sorry I have choosed wrong section.

To be clear, your Radius Server needs to support TLS 1.2, unless you are terminating 802.1x connections on the controller (eap-termination).

HI,

thanks for the answer.

I know, in my case the controller is terminating the connections.

Regards

Andrea

It is EAP-TLS 1.2 and they are working on it, as it is not an easy fix.   I don't have a timetable, so they stress the use of patching your radius server, instead.

HI,

and wich version support tls.1.2?

Regards

Andrea

AOS has not been patched for EAP-TLS 1.2 when used with termination.

So if We use windosw 10 client and termination how we can connect?

I know that there is a workaround:

--------------------------

REG add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13" /v TlsVersion /t REG_DWORD /d 192 /f
    net stop EapHost
    net start EapHost

--------------------------

But there is not any other option to fix this issue?

Now I'm running Aruba Aos 6.4.2.4, last version of aruba does not support tls 1.2?

Excuse me if I sound repetitive, but i need a confimration that for now we cannot do anything on controller for fix the issue.

Regards

Andrea

You can do the client workaround, or you can use an external radius server that is patched.  Those are the only two options.

HI,

in 6.4.4.5 release note i have found:

--------------------------------------------------------

129144

Symptom: Windows 10 clients running version 1511 were unable to connect to 802.1X SSID when termination was enabled on a controller. A workaround is added in the ArubaOS code whereby the controller sends a HELLO message with TLS v1.0 when the Advanced Cryptography (ACR) license is not available in the controller for clients initiating a TLS v1.2 session. Scenario: ArubaOS supports TLS v1.2 with Suite B which requires ACR license. Windows 10 clients with the new patch (OS Build 10586.3) seem to work with RSA certificates and TLS v1.2. This issue was observed in Windows 10 client with OS Build 10586.3 and controllers running ArubaOS 6.3.x or ArubaOS 6.4.x.

--------------------------------------------------------

Do you think that 6.4.4.5 can solve my issue?

Regards Andrea

Another question:

wich impact can have this update? by 6.4.2.4 to 6.4.4.5

Regards

Andrea Acampa

HI with upgrade to 6.4.4.5 we solved the issue.

Regards

Andrea

Andrea,

Thank you.  I missed that...