Re: IOS Client Supported TLS Versions

stevej3295 · ‎02-14-2024

IOS XE client connection attempts to our LDAPS and RADSEC servers are attempting to initiate SSLv3 or TLSv1 connections and failing due to SSLv3 and TLSv1 being disabled in our environment. We cannot enable SSLv3 and TLSv1 per policy. Is there a way to configure the LDAPS and RADSEC clients to establish TLSv1.2 or TLSv1.3 connections in IOS XE? I have searched for documentation on this issue and cannot find anything.

Cisco IOS XE Software, Version 17.12.01

Rob Ingram · ‎02-14-2024

@stevej3295 RADSEC if using DTLS uses 1.2 https://community.cisco.com/t5/networking-knowledge-base/configuring-radius-over-dtls-with-cat9k-and-ise-3-0/ta-p/4438427#toc-hId--239788900

I am not sure about LDAPS either. If you can secure RADIUS can you not use this instead of LDAPS?

IOS Client Supported TLS Versions

IOS XR: BLB の host LC reload 時に BGP 等の BFD client が flap する

ACI: Mixed Versions on Cisco ACI Switches について

Flexconnect AP にて EAP-TLS 認証が失敗する問題

Secure Firewall – New Features – TLS 1.3 Decryption

Secure Client: よくあるご質問(FAQ)