05-16-2017 08:25 AM
Hello team,
got the following question from my customer:
I'm a little bit confused regarding the legacy SSL cipher settings within Cisco ISE.
My question is regarding the settings in the ISE GUI under: Administration > System > Settings / Protocols > Security Settings:
Enable TLS 1.0 only for legacy clients
Enable SHA-1 only for legacy clients
In the ISE GUI, the tooltip states:
Enable [TLS 1.0 | SHA-1 cipher suites] only for legacy clients for EAP-TLS, PEAP, EAP-FAST and EAP-TTLS protocols and for legacy secure services
--> So the tooltip states that this setting actually affects EAP protocols which use SSL/TLS (e.g. EAP-TLS and PEAP)
Contrary to this, the ISE 2.2 admin guide documentation states:
The following workflow is not affected by the Security Settings:
Cisco ISE acts as an EAP-TLS, EAP-TTLS, PEAP, or EAP-FAST server that authenticates clients to provide them access to the network
--> The admin guide states that these settings do not affect EAP protocols which use SSL/TLS (e.g. EAP-TLS and PEAP)
So, which statement is correct?
Thanks in advance.
Roland
05-16-2017 08:53 AM
The ISE 2.2 admin guide is correct and we have also updated it in the ISE 2.2 admin web UI (see the video below). I believe all our ISE admin guides are showing the correct info.
05-17-2017 11:19 PM
Hi Roland and "hslai",
thank you so much for bringing light into this.
There is also an open topic in the Supportforums:
https://supportforums.cisco.com/discussion/13291721/ise-legacy-cipher-suites
I'll share this finding there as well.
10-14-2021 06:02 AM
I know this post is old, but do you have an updated link for the video? It's not found when I click on it.
05-16-2017 12:37 PM
Please provide direct links to any incorrect documents so we can forward to our Docs team.