CSCwb77915 - Toggle to enable/disable RSA PSS cipher

jan.murin
Level 1

Hi everyone,

Was the toggle implemented? Trying to find it, but no luck.

Thanks

6 Replies

LordOfThePings
Level 1

Bump... I am not seeing it either. We had the work-around applied and I am trying to figure out if P6 ignores it based on the new configuration before applying it.

Thanks

AndersM
Level 1

Another Bump.

We have the same problem. We are doing a POC on Cisco ISE and Meraki WIFI. Part of our PC fleet can't connect to WIFI.
If I remove RSA PSS cipher on device, it will connect.


We are running ISE 3.1 Patch 5.

LordOfThePings
Level 1

So this is what we discovered... The original work-around for this had to be applied by TAC because it required root access to each PSN. If you had that implemented previously and then applied P6, it would revert those changes back to the baseline. To "reimplement" the work-around, you have to do it via the CLI. Use "app configure ise" and select option "[33] Enable/Disable/Current_status of RSA_PSS signature for EAP-TLS". From what I gathered from TAC, once this is implemented, it should stay implemented for future patches...but we shall see. Cisco's documentation / release notes suck... (shocker, I know).

In Cisco's defense, this isn't to fix any bug in ISE - the bug is actually in the TPM. They are just creating a work-around for customers.

Matt
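
One way to confirm from a packet capture that the option [33] toggle took effect, as an added example that is not part of the thread and not Cisco code. It assumes the toggle changes which signature algorithms the PSN lists in the TLS 1.2 CertificateRequest it sends during EAP-TLS, and that the handshake message has already been reassembled from the EAP fragments; the function names and sample bytes are constructed for illustration.

```python
# IANA TLS SignatureScheme code points for RSA-PSS (RFC 8446, section 4.2.3).
RSA_PSS_SCHEMES = {
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0809: "rsa_pss_pss_sha256",
    0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}

def offered_schemes(handshake):
    """Return the 16-bit signature algorithm values listed in a TLS 1.2
    CertificateRequest handshake message (RFC 5246, section 7.4.4)."""
    if len(handshake) < 4 or handshake[0] != 13:  # 13 = certificate_request
        raise ValueError("not a CertificateRequest handshake message")
    length = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + length]
    if len(body) != length or length < 3:
        raise ValueError("truncated message: reassemble the EAP fragments first")
    pos = 1 + body[0]  # skip certificate_types<1..2^8-1>
    if pos + 2 > len(body):
        raise ValueError("certificate_types overruns the message")
    alg_len = int.from_bytes(body[pos:pos + 2], "big")
    algs = body[pos + 2:pos + 2 + alg_len]
    if len(algs) != alg_len or alg_len % 2:
        raise ValueError("malformed supported_signature_algorithms")
    return [int.from_bytes(algs[i:i + 2], "big") for i in range(0, alg_len, 2)]

def rsa_pss_offered(handshake):
    """Names of the RSA-PSS schemes the server still offers (empty if none)."""
    return [RSA_PSS_SCHEMES[s] for s in offered_schemes(handshake)
            if s in RSA_PSS_SCHEMES]

def build_sample(schemes):
    """Constructed CertificateRequest: one cert type (rsa_sign), no CA names."""
    algs = b"".join(s.to_bytes(2, "big") for s in schemes)
    body = bytes([1, 1]) + len(algs).to_bytes(2, "big") + algs + b"\x00\x00"
    return bytes([13]) + len(body).to_bytes(3, "big") + body

# Constructed samples, not captured from a real PSN.
BEFORE = build_sample([0x0804, 0x0805, 0x0401, 0x0501])  # RSA-PSS still listed
AFTER = build_sample([0x0401, 0x0501, 0x0601])           # PKCS#1 v1.5 only

if __name__ == "__main__":
    for label, msg in (("before", BEFORE), ("after", AFTER)):
        found = rsa_pss_offered(msg)
        print(label, "RSA-PSS offered:", ", ".join(found) if found else "none")
```

An empty result for a capture taken after the change means the PSN no longer asks the supplicant for an RSA-PSS signature.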

LordOfThePings
Level 1

Anders... I guess to answer your question, just apply P6 and use the CLI work-around above and you will be fixed. 

Matt

Hi Matt,


Thanks a lot for your response. We will give it a go.

Hi Matt,

Just wanted to let you know that the issue is now resolved. Thanks for the fix.