Still does not answer who is not up to the TLS 1.2 standard, right? ClearPass or Zoll. There should be at least one indicator/parameter in the packet capture that we can see to conclude "oh, this device does not support TLS 1.2", sort of. This is what I am actually asking: what is the value that we should look for in the pcap? Does anyone have any idea?
Zoll US replied:
"R&D have confirmed that the AED3 certainly does work in environments where TLS 1.0 is disabled. However, the test environments they have validated this in are Cisco and freeRadius. In this case the customer is using ClearPass, it might be the case that there is something in the configuration of ClearPass that is the issue here. They have suggested that the customer also check with ClearPass as there might be a known issue that causes this in some circumstances.
For further investigation it would also be good to know the network setup and the make and model of the equipment being used."
Hi, I think you'll need to make a packet capture where you can find out where the TLS negotiation is breaking, and that may give you an idea of where to go next.
Wild guess: the AED3 and ClearPass don't have a common cipher in TLS 1.1.
Can you get the ciphers supported by the AED3 device?
I hope this helps
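As an added example (not code from any poster in this thread, Aruba, or Zoll), the following reads the fields in a ClientHello that answer the pcap question above: the record-layer version, the handshake `client_version`, the `supported_versions` extension, and the offered cipher suites. It assumes the bytes of one complete, reassembled TLS record have already been exported from the capture; the function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def name(v: int) -> str:
    return VERSIONS.get(v, f"0x{v:04x}")

def u16(buf: bytes, pos: int) -> int:
    return struct.unpack_from("!H", buf, pos)[0]

def parse_client_hello(record: bytes) -> dict:
    """Extract the version and cipher-suite fields from one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    record_version = u16(record, 1)     # record layer: often 0x0301 even for TLS 1.2 clients
    pos = 9                             # skip record header (5) + handshake header (4)
    client_version = u16(record, pos)   # highest version a TLS 1.0-1.2 client offers
    pos += 2 + 32                       # client_version + random
    pos += 1 + record[pos]              # session_id
    suites_len = u16(record, pos)
    pos += 2
    suites = [u16(record, pos + i) for i in range(0, suites_len, 2)]
    pos += suites_len
    pos += 1 + record[pos]              # compression methods
    supported = []
    if pos + 2 <= len(record):          # extensions are optional
        ext_end = pos + 2 + u16(record, pos)
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 43:          # supported_versions, sent by TLS 1.3 clients
                supported = [u16(record, pos + 1 + i) for i in range(0, record[pos], 2)]
            pos += ext_len
    return {"record_version": name(record_version),
            "client_version": name(client_version),
            "highest_offered": name(max(supported or [client_version])),
            "cipher_suites": [f"0x{s:04x}" for s in suites]}

def wrap(body: bytes) -> bytes:
    """Wrap a ClientHello body in handshake and record headers (record version 0x0301)."""
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed sample, not taken from the capture discussed in this thread.
SAMPLE = wrap(bytes.fromhex("0303") + bytes(32) + b"\x00"
              + bytes.fromhex("0004009c002f") + b"\x01\x00")

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```

The record-layer version alone is not the indicator; `highest_offered` is the value to compare against the versions the server allows. If that value is TLS 1.2 and the handshake still fails, compare `cipher_suites` with the suites enabled on the server.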
TAC in my case # 5366264084 was able to confirm if their device (Zoll) uses non-TLS 1.2 to establish the handshake, but the vendor insists they use TLS 1.2 to do the handshake and that our FIPS-enabled server is causing the issue.
So they asked us to test with a FIPS-disabled environment, but then everyone in my team said I do not need to bother about this because FIPS has nothing to do with the TLS 1.2 thingy.
Is this true?
Any suggestion on what we should suggest Zoll check with their internal team?
PS: Our customer wants to enable FIPS-mode and disable TLS 1.0 and 1.1 due to their hardening standard.
Opened another TAC case 5373841178 for this, and I am asking about this here to get a rough answer first.
True, but yes, this really sounds like Zoll is the culprit here.