Solved: Re: ISE 1.1 - Disable SSLv3 Guest Portal

joshhunter · ‎02-07-2017

Hello, are we able to disable SSLv3 protocol for Guest Portal in ISE1.1?

The customer is running 1.1 but upgrading to 1.4 shortly.

I have had a look at the documentation located here:

My understanding that SSLv3 is deprecated, and should be using TLS1.0+

From reading the document linked above:

ISE 1.2 supports TLS 1.0, 1.1 and 1.2

ISE 1.3 and 1.4 support TLS 1.0 only

ISE 2.1 supports TLS 1.0, 1.1 and 1.2

Could you please confirm if SSLv3 can be disabled or the customer must upgrade to 1.2+ which supports the successor TLS1.0

joshhunter · ‎02-14-2017

Hi,

ISE 1.4 is latest support for custoemrs with ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

hslai · ‎02-13-2017

The ISE 1.2 entry should be for ISE 2.0. IIRC ISE 1.2 support SSLv3.

Nonetheless, both ISE 1.1 and 1.2 are very old so please upgrade the customer to ISE 2.0.1 or newer.

joshhunter · ‎02-13-2017

A large quantity of our customer's are on the old Appliance so only 1.4 is the latest until they upgrade hardware or move to VM.

joshhunter · ‎02-14-2017

Hi,

ISE 1.4 is latest support for custoemrs with ISE-3315, ISE-3355 and ISE3395, after that version 2.x requres Appliances to be SNS-34xx

hslai · ‎02-14-2017

You are correct.

joshhunter · ‎02-14-2017

Okay, so I guess my question is -

Does ISE 1.4 remove SSLv3 support i.e. rather than Poodle Patch, disable completely for Portal Pages specifically Guest.

hslai · ‎02-14-2017

Yes, all web portals, including guest, in ISE 1.3 and 1.4.x support TLS 1.0 only.