Regular Contributor I

Disable TLSv1.0 not working on Subscribers?

Hi Everyone,


I have a cluster of appliances running 6.6.3.


In the Cluster-Wide Parameters i have setup 'Disable TLSv1.0 Support' to all.


When i do an nmap ssl-enum-ciphers scan against the publisher i see that TLS 1.0 is gone, however when scanning any subscriber, it still contains TLS1.0.


Am i missing something? I thought the cluster-wide option should apply to all servers? I am working with TAC but thought I could check here to see if others see the same thing


to scan your server use namp:


# nmap -sV --script ssl-enum-ciphers -p 443 <host>


I see the same thing in my lab.






Re: Disable TLSv1.0 not working on Subscribers?



I just tried the same and see similar behavior in my lab. Disabling TLS1.0 is effective on the publisher (I tried just for Admin instead of 'All'), not on subscribers. Tested on ClearPass 6.6.3.

Please drop me a personal message with your contact details and the case number if you find TAC has issues in replicating or filing an engineering request.


If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: