
Cisco ISE and TLS version negotiation

AdamBogdan26228
Level 1

Hi
I have Cisco ISE with the AnyConnect supplicant. I would like to move completely to TLS1.2 only, but as I checked, some users are still connecting via TLS1 and others via TLS1.2 (yeah, in ISE all TLS versions are still enabled). As users are connecting to the same ISE with the same settings in AnyConnect, I guess that the TLS version is negotiated by Windows. Could someone confirm that my thinking is correct? Additionally (this is not a Cisco question), does anyone know how to check why Windows is negotiating TLS1? Is it because of some registry settings, etc.?

1 Reply

Mike.Cifelli
VIP Alumni

This may assist:

---

https://support.microsoft.com/en-us/help/3121002/windows-10-devices-can-t-connect-to-an-802-1x-environment

Change the TLS version on the Windows host:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13

| TLS version | DWORD value |
|-------------|-------------|
| TLS 1.0     | 0xC0        |
| TLS 1.1     | 0x300       |
| TLS 1.2     | 0xC00       |
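
To check what a given Windows host currently has under the key from the reply above, here is an added example (not part of the original thread) that reads the setting and decodes it against the three values in the table. The value name `TlsVersion` comes from the linked Microsoft article rather than from this thread, the function name is hypothetical, and treating the DWORD as a bitmask is an assumption.

```powershell
# Added example: report which TLS versions the EAP-TLS registry setting allows.
# Key path and the three values are from the reply above; the value name
# 'TlsVersion' is from the linked Microsoft article (not stated in this thread).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13'
$ValueName = 'TlsVersion'

# TLS version -> DWORD value, as listed in the reply.
$TlsFlags = [ordered]@{
    'TLS 1.0' = 0xC0
    'TLS 1.1' = 0x300
    'TLS 1.2' = 0xC00
}

function ConvertFrom-EapTlsVersion {
    # Hypothetical helper name. Assumption: the DWORD is a bitmask, so a value
    # made of several OR-ed entries decodes to several versions.
    param([Parameter(Mandatory)][int64]$Value)

    $enabled = foreach ($name in $TlsFlags.Keys) {
        $flag = $TlsFlags[$name]
        if (($Value -band $flag) -eq $flag) { $name }
    }

    # Bits that do not belong to any of the three documented values.
    $known = 0
    foreach ($flag in $TlsFlags.Values) { $known = $known -bor $flag }
    $unknown = $Value - ($Value -band $known)

    [pscustomobject]@{
        RawValue    = '0x{0:X}' -f $Value
        Enabled     = @($enabled) -join ', '
        UnknownBits = '0x{0:X}' -f $unknown
        Tls12Only   = ($Value -eq 0xC00)
    }
}

$prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    # No explicit value: the host is not pinned by this key and uses the OS default.
    Write-Output "$ValueName is not set under $KeyPath; the OS default applies."
} else {
    ConvertFrom-EapTlsVersion -Value $prop.$ValueName
}
```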