cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1292
Views
1
Helpful
6
Replies
Highlighted
Enthusiast

ISE 1.1 - Disable SSLv3 Guest Portal

Hello, are we able to disable SSLv3 protocol for Guest Portal in ISE1.1?

The customer is running 1.1 but upgrading to 1.4 shortly.

I have had a look at the documentation located here:

https://communities.cisco.com/docs/DOC-69521#jive_content_id_Web_Portals

My understanding that SSLv3 is deprecated, and should be using TLS1.0+

From reading the document linked above:

ISE 1.2 supports TLS 1.0, 1.1 and 1.2

ISE 1.3 and 1.4 support TLS 1.0 only

ISE 2.1 supports TLS 1.0, 1.1 and 1.2

Could you please confirm if SSLv3 can be disabled or the customer must upgrade to 1.2+ which supports the successor TLS1.0

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

ISE 1.4 is latest support for custoemrs with  ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-42971

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

The ISE 1.2 entry should be for ISE 2.0. IIRC ISE 1.2 support SSLv3.

Nonetheless, both ISE 1.1 and 1.2 are very old so please upgrade the customer to ISE 2.0.1 or newer.

Highlighted

A large quantity of our customer's are on the old Appliance so only 1.4 is the latest until they upgrade hardware or move to VM.

Highlighted

Hi,

ISE 1.4 is latest support for custoemrs with  ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-42971

View solution in original post

Highlighted

You are correct.

Highlighted

Okay, so I guess my question is -

Does ISE 1.4 remove SSLv3 support i.e. rather than Poodle Patch, disable completely for Portal Pages specifically Guest.

Highlighted

Yes, all web portals, including guest, in ISE 1.3 and 1.4.x support TLS 1.0 only.