How can I see the Ciphers supported in TLS1.2 in ISE V. 3.2 P.4?

sergio.minor · ‎11-15-2024

I need to see if ISE version 3.2 P4 supports the following ciphers:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009C)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)

I've already entered the following menu "Administration > System > Settings > Security Settings" but I can't see this information, is there any other way to check it?

marce1000 · ‎11-16-2024

- FYI
% nmap --script ssl-enum-ciphers -p 443 ise-server-name

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Karsten Iwen · ‎11-16-2024

What do you want to achieve? And yes, they are supported (the first on your list is what 90% of my clients are using).

But don't forget that "supported for TLS" does not automatically mean "supported for EAP-TLS".

Arne Bier · ‎11-18-2024

Exactly as Karsten said - the TLS ISE support for https services is not the same as the TLS ISE support for EAP methods. E.g. TLS 1.3 supported on Admin web server, but not in EAP methods unless you are running at least ISE 3.3p3 - and even then, guest/BYOD web portals are still TLS 1.2 on all versions. In other words, it depends what part of ISE you're checking.