Security

 View Only
last person joined: 20 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Disabling TLS 1.0/1.1

This thread has been viewed 13 times
  • 1.  Disabling TLS 1.0/1.1

    Posted Aug 18, 2022 11:48 AM
    Hello,

    We are disabling TLS 1.0/1.1 in our environment. This includes browsers, PC's, servers, etc. Will this affect my authentication in any way? We are using EAP-TLS for our authentication method. We have an authorization source for using Intune and an authentication source of AD for on-prem machines.


  • 2.  RE: Disabling TLS 1.0/1.1

    Posted Aug 18, 2022 06:09 PM
    It could.  Do you have any old clients that may not support TLS 1.2?


  • 3.  RE: Disabling TLS 1.0/1.1

    EMPLOYEE
    Posted Aug 19, 2022 04:24 AM
    You may for clients that you are not sure about run a (wireless) packet capture and check the TLS version used:

    I see occasionally issues after disabling TLS1.0/1.1, but those are in general old devices. Windows 10/11, versions of iOS/Android that are not older than let's say 5-8 years, should all support TLS1.2.

    EDIT: I just see this article that even states that ClearPass 6.9 and up have TLS1.0/1.1 disabled by default.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------