topic IOS Client Supported TLS Versions in Network Access Control https://community.cisco.com/t5/network-access-control/ios-client-supported-tls-versions/m-p/5018395#M587339 <P>IOS XE client connection attempts to our LDAPS and RADSEC servers are attempting to initiate SSLv3 or TLSv1 connections and failing due to SSLv3 and TLSv1 being disabled in our environment.&nbsp; We cannot enable SSLv3 and TLSv1 per policy.&nbsp; Is there a way to configure the LDAPS and RADSEC clients to establish TLSv1.2 or TLSv1.3 connections in IOS XE?&nbsp; I have searched for documentation on this issue and cannot find anything.</P><P>Cisco IOS XE Software, Version 17.12.01</P> Wed, 14 Feb 2024 18:17:30 GMT stevej3295 2024-02-14T18:17:30Z IOS Client Supported TLS Versions https://community.cisco.com/t5/network-access-control/ios-client-supported-tls-versions/m-p/5018395#M587339 <P>IOS XE client connection attempts to our LDAPS and RADSEC servers are attempting to initiate SSLv3 or TLSv1 connections and failing due to SSLv3 and TLSv1 being disabled in our environment.&nbsp; We cannot enable SSLv3 and TLSv1 per policy.&nbsp; Is there a way to configure the LDAPS and RADSEC clients to establish TLSv1.2 or TLSv1.3 connections in IOS XE?&nbsp; I have searched for documentation on this issue and cannot find anything.</P><P>Cisco IOS XE Software, Version 17.12.01</P> Wed, 14 Feb 2024 18:17:30 GMT https://community.cisco.com/t5/network-access-control/ios-client-supported-tls-versions/m-p/5018395#M587339 stevej3295 2024-02-14T18:17:30Z Re: IOS Client Supported TLS Versions https://community.cisco.com/t5/network-access-control/ios-client-supported-tls-versions/m-p/5018408#M587342 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1683055">@stevej3295</a> RADSEC if using DTLS uses 1.2 <A href="https://community.cisco.com/t5/networking-knowledge-base/configuring-radius-over-dtls-with-cat9k-and-ise-3-0/ta-p/4438427#toc-hId--239788900" target="_blank">https://community.cisco.com/t5/networking-knowledge-base/configuring-radius-over-dtls-with-cat9k-and-ise-3-0/ta-p/4438427#toc-hId--239788900</A></P> <P>I am not sure about LDAPS either. If you can secure RADIUS can you not use this instead of LDAPS?</P> Wed, 14 Feb 2024 18:34:47 GMT https://community.cisco.com/t5/network-access-control/ios-client-supported-tls-versions/m-p/5018408#M587342 Rob Ingram 2024-02-14T18:34:47Z