Security

Hello everyone,

we're already using an RadSec connection to an external Authentication server. The provider of the external server will now shut down support for TLS 1.1.
The questions are now:
Which TLS versions does ClearPass support with RadSec?
Is it possible to see the negotiated TLS verison somehow?
And is it possible to manually configure the used TLS version?

Hi,

You can configure on ClearPass the version and for me supporting TLS 1.0, 1.1 and 1.2

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: May 20, 2021 06:23 AM
From: Martin K�rner
Subject: ClearPass: RadSec TLS version?

Hello everyone,

we're already using an RadSec connection to an external Authentication server. The provider of the external server will now shut down support for TLS 1.1.
The questions are now:
Which TLS versions does ClearPass support with RadSec?
Is it possible to see the negotiated TLS verison somehow?
And is it possible to manually configure the used TLS version?

Hi alagoutte,

where is the version control located? I would expect to find it under Server Configuration -> Service Parameters -> RadSec Service.
But our ClearPass 6.8.9 has no option there and I cannot find any changes in newer versions release notes.
Original Message:
Sent: May 20, 2021 03:47 PM
From: Alexis La Goutte
Subject: ClearPass: RadSec TLS version?

Hi,

You can configure on ClearPass the version and for me supporting TLS 1.0, 1.1 and 1.2

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: May 20, 2021 06:23 AM
From: Martin K�rner
Subject: ClearPass: RadSec TLS version?

Hello everyone,

we're already using an RadSec connection to an external Authentication server. The provider of the external server will now shut down support for TLS 1.1.
The questions are now:
Which TLS versions does ClearPass support with RadSec?
Is it possible to see the negotiated TLS verison somehow?
And is it possible to manually configure the used TLS version?

Please work with Aruba Support for an answer to all of these questions, or if you have a local Aruba SE use her/him for that.
I did not see that information publicly posted (not internally either btw).

Don't think you can manually configure the version.
Would not expect any issues when the remote Radsec server shuts down TLS v1.1.

(I think you opened a TAC case yesterday... and already got the confirmation that TLS 1.2 is supported for Radsec)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: May 20, 2021 06:23 AM
From: Martin K�rner
Subject: ClearPass: RadSec TLS version?

Hello everyone,

we're already using an RadSec connection to an external Authentication server. The provider of the external server will now shut down support for TLS 1.1.
The questions are now:
Which TLS versions does ClearPass support with RadSec?
Is it possible to see the negotiated TLS verison somehow?
And is it possible to manually configure the used TLS version?

Thank you for your answer Herman, I just thought I missed the information somewhere.
Actually It was not me with the case, but yes we're still working with TAC on that.
Original Message:
Sent: May 21, 2021 11:21 AM
From: Herman Robers
Subject: ClearPass: RadSec TLS version?

Please work with Aruba Support for an answer to all of these questions, or if you have a local Aruba SE use her/him for that.
I did not see that information publicly posted (not internally either btw).

Don't think you can manually configure the version.
Would not expect any issues when the remote Radsec server shuts down TLS v1.1.

(I think you opened a TAC case yesterday... and already got the confirmation that TLS 1.2 is supported for Radsec)

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: May 20, 2021 06:23 AM
From: Martin K�rner
Subject: ClearPass: RadSec TLS version?

Hello everyone,

we're already using an RadSec connection to an external Authentication server. The provider of the external server will now shut down support for TLS 1.1.
The questions are now:
Which TLS versions does ClearPass support with RadSec?
Is it possible to see the negotiated TLS verison somehow?
And is it possible to manually configure the used TLS version?