04-16-2023 10:58 PM
Hi,
How do I do the below in Cisco ISE?
Disable TLS Version 1.1 Protocol
SSL/TLS Diffie-Hellman Modulus from 1024 bits to 2048 bits
Do I need to enable FIPS mode to disable TLS 1.1?
What is the impact of enabling FIPS mode?
Thanks
04-16-2023 11:13 PM
Hi
In ISE 2.4 it is possible.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769
In previous versions it is not.
FIPS is used for advanced security environments, usually government environments. Enabling it can have an impact on other features. Read the documentation before enabling FIPS.
04-17-2023 08:33 PM - edited 04-17-2023 09:02 PM
Hi @bluesea2010 ,
Disable TLS at Administration > Settings > Security Settings. Remember that:
You don't need to disable FIPS to disable TLS.
You are able to set FIPS Mode = Enabled at Administration > Settings > FIPS Mode.
Impacts of Enabling FIPS:
1st "... will cause an Application Server restart on ALL Deployment Nodes ...":
IMPORTANT: FIPS cannot be enabled until you remove/edit ALL Allowed Protocols configured to use non-FIPS Compliant ... after FIPS Mode = Enabled and after clicking the Save button, you are able to check the non-FIPS Compliant protocols?
2nd ... please take a look at: Enabling FIPS on ISE & potential impact.
Hope this helps !!!