Header Only - DO NOT REMOVE - Extreme Networks
Question

Can I disable TLS 1.0 on NAC?

  • 28 September 2018
  • 6 replies
  • 1131 views

Userlevel 5
Badge
Hello,

is there a possibility to disable TLS 1.0 on NAC (maybe via Appliance Properties)?

This is a demand of some security officers.

The goal here is that the clients are not offered TLS 1.0 during the connection negotiation.

Best regards
Stephan

6 replies

Userlevel 4
Hello,

We are checking with Engineering on this.

Thank you.

-Scott Keene
NMS/NAC Support
Extreme GTAC

Userlevel 6

To answer this question, TLS 1.0 is disabled in NAC version 8.2 or higher.

I’m running 8.4.3.24 and I just noticed that our internal vulnerability scanner still flagged our NAC appliance as supporting TLS 1.0 and 1.1.  I have the same requirements from security officers as mentioned above and was wondering if there was a way to confirm (prove) that it disabled.
 

Userlevel 6

Hi Michael,

 

disabling can be done with an engine property, it is mentioned in below article.

https://gtacknowledge.extremenetworks.com/articles/Q_A/000043144

 

In my lab I can see TLS 1.0 is still supported on 8.4.3.24

 

Hmm… Doesn’t look like it is working for me.  I can’t save after trying to add the value.

I take it back, don’t know what happened the first time around but this worked the second time I tried it.
We’ll rescan and see if anything changes.

Thanks,
Mike

Reply