cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

962
Views
1
Helpful
6
Replies
Highlighted
Enthusiast

ISE 1.1 - Disable SSLv3 Guest Portal

Hello, are we able to disable SSLv3 protocol for Guest Portal in ISE1.1?

The customer is running 1.1 but upgrading to 1.4 shortly.

I have had a look at the documentation located here:

https://communities.cisco.com/docs/DOC-69521#jive_content_id_Web_Portals

My understanding that SSLv3 is deprecated, and should be using TLS1.0+

From reading the document linked above:

ISE 1.2 supports TLS 1.0, 1.1 and 1.2

ISE 1.3 and 1.4 support TLS 1.0 only

ISE 2.1 supports TLS 1.0, 1.1 and 1.2

Could you please confirm if SSLv3 can be disabled or the customer must upgrade to 1.2+ which supports the successor TLS1.0

Everyone's tags (8)
1 ACCEPTED SOLUTION

Accepted Solutions
Enthusiast

Re: ISE 1.1 - Disable SSLv3 Guest Portal

Hi,

ISE 1.4 is latest support for custoemrs with  ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-42971

View solution in original post

6 REPLIES 6
Cisco Employee

Re: ISE 1.1 - Disable SSLv3 Guest Portal

The ISE 1.2 entry should be for ISE 2.0. IIRC ISE 1.2 support SSLv3.

Nonetheless, both ISE 1.1 and 1.2 are very old so please upgrade the customer to ISE 2.0.1 or newer.

Enthusiast

Re: ISE 1.1 - Disable SSLv3 Guest Portal

A large quantity of our customer's are on the old Appliance so only 1.4 is the latest until they upgrade hardware or move to VM.

Enthusiast

Re: ISE 1.1 - Disable SSLv3 Guest Portal

Hi,

ISE 1.4 is latest support for custoemrs with  ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-42971

View solution in original post

Cisco Employee

Re: ISE 1.1 - Disable SSLv3 Guest Portal

You are correct.

Enthusiast

Re: ISE 1.1 - Disable SSLv3 Guest Portal

Okay, so I guess my question is -

Does ISE 1.4 remove SSLv3 support i.e. rather than Poodle Patch, disable completely for Portal Pages specifically Guest.

Cisco Employee

Re: ISE 1.1 - Disable SSLv3 Guest Portal

Yes, all web portals, including guest, in ISE 1.3 and 1.4.x support TLS 1.0 only.