cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2603
Views
20
Helpful
10
Replies
tenorabile
Beginner

Does Cisco's ESA support TLS 1.3?

I haven't been able to find any details on when/how Cisco will support TLS 1.3 on the email security devices. Any links you can share?

 

Thank you,

Jason

1 ACCEPTED SOLUTION

Accepted Solutions
Mathew Huynh
Cisco Employee

Hello all,

 

Please note timelines may change if circumstances come up to affect it, but at the moment of this email - it's tracking for Version 14 of AsyncOS on the ESA. (No further information is available on potential dates however at this stage).

 

I believe we're pending on releasing ESA version 13 GD at the moment.

 

Regards,

Mathew

View solution in original post

10 REPLIES 10
balaji.bandi
VIP Expert

When i was looking for WSA/ESA , it was not supported and it was still in Draft, I have not checked recently 12.X might have support.

 

https://blogs.cisco.com/security/tls-version-1-3-change-is-here-and-encrypted-traffic-analytics-has-got-your-back



BB


*** Rate All Helpful Responses ***

Thank you for the reply! I saw that article but it doesn’t give timetables for ESA support. We are at AsyncOS 12.5 now – perhaps 13 will support it.


WSA 12.x that is currently in beta does support TLS 1.3.
Ken Stieers
Engager

I'm in the beta for 13.5. It's not there yet...

and just checking traffic last 30 days, we got ) TLS v1.3 messages so far, guess we have a bot of time

Mathew Huynh
Cisco Employee

Hello all,

 

Please note timelines may change if circumstances come up to affect it, but at the moment of this email - it's tracking for Version 14 of AsyncOS on the ESA. (No further information is available on potential dates however at this stage).

 

I believe we're pending on releasing ESA version 13 GD at the moment.

 

Regards,

Mathew

View solution in original post

Hi Mathew,

 

The release notes of ESA 14 don´t show any information regarding TLSv1.3. Is support for TLSv1.3 pushed back to later versions of ESA?

 

Regards,

Paddy

svgeorgi
Cisco Employee

There is an enhancement request filed for TLSv1.3 here:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf81830

Its status is still marked "Open" as of the current moment. Would suggest to subscribe for any changes regarding it.

Thanks. I subscribed.

 

Do you happen to know where I can find additional information regarding a timeline for TLSv1.3? The release notes of AsyncOS 14 don't offer any clue. All that I found (using: https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa14-0/Open_Source_Used_in_AsyncOS_14-0_for_Cisco_Secure_Email_Gateway.pdf) is that this version ships with openssl 1.0.2r (as a maximum version) and that for TLSv1.3 to be supported a minumum version of 1.1.1 is needed.

svgeorgi
Cisco Employee

Unfortunately, cannot share any timelines or roadmaps for future releases of AsyncOS.

Content for Community-Ad