05-16-2017 08:25 AM
Hello team,
I got the following question from my customer:
I'm a little bit confused regarding the legacy SSL cipher settings within Cisco ISE.
My question is regarding the settings in the ISE GUI under: Administration > System > Settings / Protocols > Security Settings:
Enable TLS 1.0 only for legacy clients
Enable SHA-1 only for legacy clients
In the ISE GUI, the tooltip states:
Enable [TLS 1.0 | SHA-1 cipher suites] only for legacy clients for EAP-TLS, PEAP, EAP-FAST and EAP-TTLS protocols and for legacy secure services
--> So the tooltip states that this setting actually affects EAP protocols which use SSL/TLS (e.g. EAP-TLS and PEAP)
Contrary to this, the ISE 2.2 admin guide documentation states:
The following workflow is not affected by the Security Settings:
Cisco ISE acts as an EAP-TLS, EAP-TTLS, PEAP, or EAP-FAST server that authenticates clients to
provide them access to the network
--> The admin guide states that these settings do not affect EAP protocols which use SSL/TLS (e.g. EAP-TLS and PEAP)
So, which statement is correct?
Thanks in advance.
Roland
05-16-2017 08:53 AM
The ISE 2.2 admin guide is correct and we have also updated it in the ISE 2.2 admin web UI (see the video below). I believe all our ISE admin guides are showing the correct info.
05-17-2017 11:19 PM
Hi Roland and "hslai",
thank you so much for bringing light into this.
There is also an open topic in the Supportforums:
https://supportforums.cisco.com/discussion/13291721/ise-legacy-cipher-suites
I'll share this finding there as well.
10-14-2021 06:02 AM
I know this post is old, but do you have an updated link for the video? It's not found when I click on it.
05-16-2017 12:37 PM
Please provide direct links to any incorrect documents so we can forward to our Docs team.