Wired Intelligent Edge

After updating to firmware K.16.01.0004, our 5412zl's https web admin is no longer accessible. Using all of the major browsers, I receive a TLS error. I have recreated the self-signed certificate but that did not help.

An example of the error I get is "The server rejected the handshake because the client downgraded to a lower TLS version than the server supports."

Any help would be appreciated.

Hello.  Any current browser should support TLS 1.2 and that should get chosen.  We tested all the major browsers with newly generated self-signed certs and did not see any issues.  Can you reply with the browser/versions/certifcate you used?

There is a newer config command: "tls application web-ssl lowest-version" where you could try setting the lowest version to 1.0 and see if that works.  Wouldn't recommend using 1.0 as a long term solution but it may help identify what the problem is.

We are using Firefox 45, Safari 9.03 and Chrome 48.

Issue was in "crypto suiteB-MinLoS 128 tls". We had it set to strict and that caused problems. Once we removed the stict, everything started working at TLS 1.2