Wireless Access

last person joined: 2 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ios devices invalid tls version

This thread has been viewed 0 times

  • 1.  ios devices invalid tls version

    Posted Mar 13, 2018 10:11 AM

    Hi,

     

    i have a site where ios devices are not connecting to the staff network using eap-tls and local termination.

     

    Putting a device in debugging showed me :

     

    Mar 12 05:54:16 station-down * c4:b3:01:31:ab:d7 ac:a3:1e:22:a5:a1 - -
    Mar 12 05:55:39 station-up * c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41 - - wpa2 aes
    Mar 12 05:55:39 station-term-start * c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41 1 -
    Mar 12 05:55:39 client-cert -> c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41/auth-dv-staff-cert 1261 2548
    Mar 12 05:55:39 client-cert -> c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41/auth-dv-staff-cert 1270 2548
    Mar 12 05:55:39 client-cert -> c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41/auth-dv-staff-cert 17 2548
    Mar 12 05:55:39 client-cert verified * c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41 - -
    Mar 12 05:55:39 cert-signature-verify -> c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41/auth-dv-staff-cert - - verified
    Mar 12 05:55:39 client-finish -> c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41/auth-dv-staff-cert - - invalid tls version
    Mar 12 05:55:47 station-down * c4:b3:01:31:ab:d7 ac:a3:1e:22:a2:41 - -

     

    I 'suspect' in newer ios versions only tls 1.2 is used.  Which means we need at least firmware 6.4.2.9 on the controller.  And we only have 6.4.2.5.  Could i be correct here?