Wired Intelligent Edge


ProCurve TLS Support

  • 1.  ProCurve TLS Support

    Posted Sep 03, 2016 10:13 AM

    Hello,

    Three questions:

    1.) Does there exist a reference matrix depicting the TLS level supported by various HP switches?

    2.) It appears, even with the latest firmware, that the HP 2810-48G (J9022A) does not support anything later than TLS 1.0. Can someone confirm this?

    3.) Is there any determinant, other than simply the decision not to implement it in firmware, for which a given switch does not offer the latest TLS support? 

    Thank You,

    Dale


    #SSL


  • 2.  RE: ProCurve TLS Support

    EMPLOYEE
    Posted Sep 06, 2016 02:45 PM

    Howdy,

    I am sure if you speak to your local HPE/Aruba presales contact they would be able to find out the latest and greatest versions of TLS supported if you gave them the models that you have currently deployed in your Enterprise. 

    If you have a 2810 it is probably well worth bringing up to date on a regular basis just as proactive defence against bugs. There is new firmware as of August 2016 - might be worth a look. The 2810 started life in about 2007 and only went End of Sale just over three years ago so it still has a little while yet before the "end of Engineering support" date. 

    Pure supposition - Maybe the chipset doesn't support hardware acceleration of more recent ciphers and protocols and maybe the performance would have been impacted and that's why ultimately that line turned into the 2530 series? It did put in a six year tour of duty which is more than most :-) 

    If you absolutely need to access the Web Management in a secure manner to pass an audit or suchlike, have you looked into putting a gateway box at the head of your switch management network (making it not accessible via any other means) and building a simple SSH tunnel or VPN service (Linux-based appliance or VM?) to access the devices?

    Alternatively, put a network management server (IMC?) in front of the infrastructure, disable Telnet etc., and talk to the switches using only SSH and SNMPv3.

    Hope that gives you some ideas. Don't be afraid of the "Kudos" and "solved" buttons if you are reading these forums and find a post helpful / informative / amusing.  

    Let us know what you find out and, if needed, what steps you plan to take to meet the audit requirement.

    Thanks

    Ian
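
One way to check question 2 from the thread against a switch you administer, as an added example that is not part of either post and is not HPE tooling: it sends a bare ClientHello offering each version from SSL 3.0 to TLS 1.2 as the maximum and reports which version the device selects. The management host is passed on the command line; port 443, the cipher list and the sample reply bytes are assumptions made for this example.

```python
import os
import socket
import struct
import sys

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CIPHERS = [0x002F, 0x0035, 0x000A, 0x003C, 0x009C, 0x009D]  # legacy RSA/CBC plus two TLS 1.2 suites

def build_client_hello(max_version):
    """Return one TLS record holding a ClientHello that offers max_version."""
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    body = (struct.pack("!H", max_version) + os.urandom(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")   # cipher suites, null compression
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_reply(data):
    """Classify the first record of the server's reply."""
    if len(data) < 5:
        return "no reply"
    rtype, _, length = struct.unpack("!BHH", data[:5])
    frag = data[5:5 + length]
    if rtype == 0x15 and len(frag) >= 2:                      # alert: level, description
        return f"alert {frag[1]}"                             # 70 = protocol_version
    if rtype == 0x16 and len(frag) >= 6 and frag[0] == 0x02:  # handshake: ServerHello
        ver = struct.unpack("!H", frag[4:6])[0]               # version the server selected
        return VERSIONS.get(ver, hex(ver))
    return "unexpected record"

def probe(host, port=443, timeout=5.0):
    """Offer each version as the maximum and record what the device selects."""
    results = {}
    for ver, name in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(build_client_hello(ver))
                results[name] = parse_reply(s.recv(4096))
        except OSError as exc:
            results[name] = f"error: {exc.__class__.__name__}"
    return results

# Constructed sample reply (not captured from a device): a ServerHello selecting TLS 1.0.
SAMPLE_TLS10_HELLO = bytes.fromhex("160301002a020000260301") + bytes(32) + bytes.fromhex("00002f00")

if __name__ == "__main__":
    for offered, got in probe(sys.argv[1]).items():
        print(f"offered up to {offered}: {got}")
```

A device whose answer to the TLS 1.2 offer is `TLS 1.0` has nothing newer enabled. The probe does not offer TLS 1.3.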