Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Turn off TLS 1.0 on Clearpass Subscribers

  • 1.  Turn off TLS 1.0 on Clearpass Subscribers

    Posted Nov 14, 2018 11:31 AM

    We have turned off TLS 1.0 and TLS 1.1 on Clearpass, but still see it on port 5432. According to the documentation this is used for PostgreSQLDB replication (Subscriber to publisher). Is there a way to turn off TLS 1.0 for this service?



  • 2.  RE: Turn off TLS 1.0 on Clearpass Subscribers

    EMPLOYEE
    Posted Nov 14, 2018 11:58 AM
    TLS versions can only be disabled for user facing interfaces today (HTTP and EAP).


  • 3.  RE: Turn off TLS 1.0 on Clearpass Subscribers

    Posted Nov 14, 2018 04:41 PM

    Is there a plan to change this for the future?  I will be going through a PCI audit and having TLS 1.0 is not allowed under the current PCI standards.



  • 4.  RE: Turn off TLS 1.0 on Clearpass Subscribers

    EMPLOYEE
    Posted Nov 14, 2018 04:55 PM
    So you want to be able to control the TLS version for inter-node communication?


  • 5.  RE: Turn off TLS 1.0 on Clearpass Subscribers

    Posted Nov 14, 2018 05:07 PM

    Or a date when Aruba plans to turn off TLS 1.0. 



  • 6.  RE: Turn off TLS 1.0 on Clearpass Subscribers
    Best Answer

    EMPLOYEE
    Posted Nov 14, 2018 05:12 PM

    I would recommend reaching out to your Aruba team. Unfortunately we can't discuss roadmap in a public forum.

     

    Also, ClearPass 6.7+ should be using TLS 1.1 today.
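
Added example, not part of the original thread and not Aruba code: a way to check which TLS versions the service on port 5432 accepts. PostgreSQL only starts TLS after the client sends an 8-byte SSLRequest, so a plain TLS handshake against the port proves nothing. The host name is a placeholder, and certificate validation is deliberately off because only the protocol version is being audited.

```python
import socket
import ssl
import struct
import warnings

# PostgreSQL SSLRequest: Int32 length (8), then Int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)

def request_tls(sock):
    """Send SSLRequest; the server answers one byte: b'S' (TLS offered) or b'N'."""
    sock.sendall(SSL_REQUEST)
    return sock.recv(1) == b"S"

def probe(host, version, port=5432, timeout=5.0):
    """Offer exactly one TLS version after the PostgreSQL preamble.

    Returns the negotiated protocol name (e.g. 'TLSv1'), 'no-tls' if the
    server declines SSLRequest, 'client-unsupported' if the local OpenSSL
    cannot offer that version, or None if the connection or handshake fails.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol audit only; certificate trust is not checked
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # newer OpenSSL refuses TLS 1.0/1.1 above level 0
    except (ValueError, ssl.SSLError):
        return "client-unsupported"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            if not request_tls(raw):
                return "no-tls"
            with ctx.wrap_socket(raw) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None

if __name__ == "__main__":
    HOST = "subscriber.example.net"  # placeholder: replace with the node being audited
    for v in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2):
        print(v.name, "->", probe(HOST, v))
```

A result of `TLSv1` for the first probe means the port still negotiates TLS 1.0; `None` for a version means the handshake at that version did not complete.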