
Cisco ISE

bluesea2010
Level 5

Hi,

How do I do the below in Cisco ISE?

Disable TLS Version 1.1 Protocol

SSL/TLS Diffie-Hellman Modulus from 1024 bits to 2048 bits

 

cisco ise  fips mode.JPG

Do I need to enable FIPS mode to disable TLS 1.1?

What is the impact of enabling FIPS mode?

Thanks

 

2 Replies

Hi

In ISE 2.4 it is possible.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769

In previous versions it is not.

FIPS is used for advanced security environments, usually government environments. Enabling this can have an impact on other features. Read the documentation before enabling FIPS.

Hi @bluesea2010 ,

Disable TLS at Administration > Settings > Security Settings, remember that:

Changing TLS.png

You don't need to disable FIPS to disable TLS.

 

You are able to set FIPS Mode = Enabled at Administration > Settings > FIPS Mode.

Impacts of Enabling FIPS:

1st "... will cause an Application Server restart on ALL Deployment Nodes ...":

Enabling FIPS.png

IMPORTANT: FIPS cannot be enabled until you remove/edit ALL Allowed Protocols configured to use non-FIPS Compliant ... after FIPS Mode = Enabled and after clicking the Save button, you are able to check the non-FIPS Compliant protocols.

Allow Protocols Non-FIPS Compliant Protocols.png

 

 2nd ... please take a look at: Enabling FIPS on ISE & potential impact.

 

Hope this helps !!!