cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3348
Views
0
Helpful
6
Replies

Cisco ISE 2.4. TLS 1.2

ccg-security
Level 1
Level 1

Hello Team,

 

We would like to know if Cisco ISE 2.4 can support tls 1.2?. if NOT, any documents?

6 Replies 6

Jason Kunst
Cisco Employee
Cisco Employee

Based on the link that you provided is for ISE to be the client only, however we need to disable the tls 1.0 and 1.1 for ISE to be the host. If we uncheck the tls 1.0 and 1.1, it will automatically use 1.2?

By unchecking tls 1.0 & 1.1 it will only use 1.2, please see the note in the admin ui

Hi based on the documents that the ISE acts a client not on server. We are pointing to the ISE Server itself.

What is New in Cisco ISE, Release 2.4
The Default TLS Version when initiating External Connections through Proxy is TLS 1.2
When the Cisco ISE acts as a client, the default protocol used for the connections initiated from it to the external entities is TLS 1.2 In this case the supported protocol will be TLS 1.2 only. In case you want to provide support for lower versions as well (which might be insecure), these versions need to be explicitly enabled from the Cisco ISE by going to the following page: Administration > System > Settings > Security Settings.

We also tried to access on the ISE 2.4 version, however it seems that TLS 1.2 can’t be allowed on the Security settings . With all the above mentioned, If TLS 1.2 is confirmed supported on the ISE 2.4 and with ISE as a host, can we allow TLS 1.2 alone on it?

Turning off 1.0 and 1.1 forces 1.2 for all communications using TLS