I don't think that is possible,
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------
Original Message:
Sent: Sep 14, 2021 05:10 PM
From: Eyðun Eli Jacobsen
Subject: Supported Cipher Suites in AP-505?
Hi
When enabling ap1x in the AP-505 in order to authenticate the AP itself, I see the following cipher suites in the Client Hello message:
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Is it possible to enable other Cipher Suites?, e.g. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 or TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384?
Thanks,
Eyðun E. Jacobsen
----- snippet ----
RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0xcc (204)
Length: 489
Authenticator: ba29e417ad2cd286cae1b4c44c370b0c
[The response to this request is in frame 66533]
Attribute Value Pairs
AVP: t=Framed-MTU(12) l=6 val=1492
AVP: t=NAS-IP-Address(4) l=6 val=192.168.161.4
AVP: t=NAS-Identifier(32) l=10 val=KLI-SW01
AVP: t=User-Name(1) l=5 val=ap4
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=NAS-Port(5) l=6 val=12
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=NAS-Port-Id(87) l=4 val=12
AVP: t=Called-Station-Id(30) l=19 val=ec-eb-b8-2d-69-40
AVP: t=Calling-Station-Id(31) l=19 val=34-8a-12-cd-02-82
AVP: t=Connect-Info(77) l=39 val=CONNECT Ethernet 1000Mbps Full duplex
AVP: t=Tunnel-Type(64) l=6 Tag=0x00 val=VLAN(13)
AVP: t=Tunnel-Medium-Type(65) l=6 Tag=0x00 val=IEEE-802(6)
AVP: t=Tunnel-Private-Group-Id(81) l=3 val=1
AVP: t=State(24) l=38 val=5e9d06670000013700011700fe800000000000003d90c15bfe721d4700000004327b101a
Type: 24
Length: 38
State: 5e9d06670000013700011700fe800000000000003d90c15bfe721d4700000004327b101a
AVP: t=EAP-Message(79) l=84 Last Segment[1]
Type: 79
Length: 84
EAP fragment: 0241005219800000004816030300430100003f03036131319f80bd688f7bbc6e07c4601c…
Extensible Authentication Protocol
Code: Response (2)
Id: 65
Length: 82
Type: Protected EAP (EAP-PEAP) (25)
EAP-TLS Flags: 0x80
1... .... = Length Included: True
.0.. .... = More Fragments: False
..0. .... = Start: False
.... .000 = Version: 0
EAP-TLS Length: 72
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 67
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 63
Version: TLS 1.2 (0x0303)
Random: 6131319f80bd688f7bbc6e07c4601c53db3b53caa914e6bf6b3fc7910227eb36
Session ID Length: 0
Cipher Suites Length: 10
Cipher Suites (5 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 12
Extension: signature_algorithms (len=8)
Type: signature_algorithms (13)
Length: 8
Signature Hash Algorithms Length: 6
Signature Hash Algorithms (3 algorithms)
AVP: t=Message-Authenticator(80) l=18 val=2dbf7686fa03fc742017927b678774b1
Type: 80
Length: 18
Message-Authenticator: 2dbf7686fa03fc742017927b678774b1
AVP: t=Vendor-Specific(26) l=12 vnd=Microsoft(311)
AVP: t=Vendor-Specific(26) l=15 vnd=Hewlett-Packard(11)
------- --------
------------------------------
Eyðun Eli Jacobsen
------------------------------