Security

Hi Guys, just want to ask if in CPPM 6.6.7, can disable TLS 1.0 and TLS 1.1 support? I can only see to disable TLS 1.0 but how about TLS 1.1.

Thanks

Cluster wide parameters 

This is a screen shot of 6.7.1 but release notes says it was introduced in 6.6.3

l A new cluster-wide parameter lets you enable or disable TLS v1.1. To use this feature, go to the Administration > Server Manager > Server Configuration > 

Hi tarnold, in my version 6.6.7 I only see Disable TLS 1.0. Do I need to upgrade?

No, I just check a 6.6.7 and it is listed. 

sorry, I saw it now. I overlooked it. thanks

Even disabling TLS 1.0 in cluster wide parameters (ALL) can have wide impact in unmanaged mac environment (college student owned), as I have found out today. Older Macs and Windows 8 could not connect to 802.1x peap even with re-adding the network. It broke on 10.12.6 and didn't break on 10.14. Not sure about in between those versions. As soon as I rolled back the setting on clearpass, most clients reconnected automatically. Some clients needed to forget network and re-add after I reverted the clearpass setting.

Looks like I'll be updating the stated minimum requirements documentation for new student macs and hope to make the change in the summer.

We are running 6.5.4.3 on a 7210 controller.  I can not find anywhere to allow or disallow TLS 1.0.  I want to disable TLS 1.0 and enable TLS 1.1 and up but I am not finding it anywhere in the GUI.  Should I be considering doing a firmware upgrade to get those commands?