Original Message:
Sent: Jan 09, 2025 05:31 AM
From: U Aravind
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Hi Sri,
Greetings.
Is it the same on CPPM version 6.11.9?
Could you please help me with updates?
Regards
Aravind.
Original Message:
Sent: Nov 20, 2023 10:04 PM
From: Sri
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Hi All,
Finally I got an update from TAC, saying that we cannot disable the ciphers because that feature is yet to be introduced in CPPM versions.
Thank you all for your valuable suggestions and replies.
Regards,
Sri
Original Message:
Sent: Nov 16, 2023 01:23 PM
From: bcondarco
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Sri is not asking to remove TLS 1.2 altogether, but rather to remove certain suites, as they are being flagged - particularly RSA. I am running into this same thing now, where vulnerability scans are flagging the ability to negotiate with TLS 1.2 cipher suites including RSA.
Example:
Out of all approved TLS 1.2 Ciphers - remove all RSA options. Nowhere was it asked to remove TLS 1.2 entirely.
List of Approved TLS 1.2 Ciphers
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
Hope this clarifies and Sri's company can keep their security staff.
Original Message:
Sent: Nov 09, 2023 06:54 AM
From: ahollifield
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Why though? TLS 1.2 isn't broken from an encryption standpoint? That's like saying we don't want any Windows 11 computers, only Windows 10 and 7. Maybe time for a new security team?
Original Message:
Sent: Nov 08, 2023 10:11 PM
From: Sri
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Hi,
Those are our security requirements.
Regards,
Original Message:
Sent: Nov 08, 2023 10:03 PM
From: Unknown User
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Why? What's wrong with them?
Original Message:
Sent: 11/8/2023 8:11:00 PM
From: Sri
Subject: RE: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Hi,
Thank you for your reply. The security team asked us to disable them, as these ciphers are not allowed in the network.
Regards,
Sri
Original Message:
Sent: Nov 08, 2023 08:50 AM
From: ahollifield
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Why would you want to disable TLS 1.2?
https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.0/Content/SystemRequirements/EndOfSupport.htm
Original Message:
Sent: Nov 08, 2023 03:55 AM
From: Sri
Subject: How to disable the TLS 1.2 Cipher in Aruba ClearPass
Hi All,
Is there any way to disable the below ciphers in ClearPass?
The ClearPass version: 6.9.13
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
Thank you.
Sri
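Added example (not part of the thread, and not ClearPass or nmap code): a Python parser for the ssl-enum-ciphers output in the original post that groups the offered suites by key exchange and cipher mode, so the static-RSA (TLS_RSA_*) entries can be tracked across rescans. The function names, bucket names and SAMPLE are assumptions made for this illustration; SAMPLE is constructed from the lines quoted in the post.

```python
import re

# Constructed input: the ssl-enum-ciphers lines quoted in the original post.
SAMPLE = """\
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp521r1) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp521r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp521r1) - A
"""

PROTO_RE = re.compile(r"^\|[\s_]*((?:TLS|SSL)v[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|[\s_]*(TLS_\w+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")

def parse_enum_ciphers(text):
    """Return one record per suite line, tagged with the protocol it was listed under."""
    proto, out = None, []
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            proto = m.group(1)
        elif m := SUITE_RE.match(line):
            suite, kx_param, grade = m.groups()
            kx, _, cipher = suite[4:].partition("_WITH_")
            out.append({
                "protocol": proto, "suite": suite, "kx_param": kx_param, "grade": grade,
                # TLS_RSA_* means static RSA key exchange: no forward secrecy
                "forward_secrecy": kx.split("_")[0] in ("ECDHE", "DHE"),
                "aead": any(t in cipher for t in ("GCM", "CCM", "CHACHA20")),
            })
    return out

def bucket(records):
    """Group suites into static-RSA, forward-secret CBC, and forward-secret AEAD."""
    groups = {"static_rsa": [], "fs_cbc": [], "fs_aead": []}
    for r in records:
        key = "static_rsa" if not r["forward_secrecy"] else ("fs_aead" if r["aead"] else "fs_cbc")
        groups[key].append(r["suite"])
    return groups

if __name__ == "__main__":
    for name, suites in bucket(parse_enum_ciphers(SAMPLE)).items():
        print(f"{name} ({len(suites)}):", *suites, sep="\n  ")
```

The regexes tolerate the leading spaces and `|_` prefixes of unflattened nmap output, so the same functions can be fed a saved scan file.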