1659 Views, 35 Helpful, 2 Replies

ISE TLS 1.0 Report

Hi All,

Is there any way I can see which users are using TLS 1.0 and export that to Excel? Or maybe there is an API that can report that?

Accepted Solution

Damien Miller
VIP Alumni

This is something that's very easy to do enterprise-wide if you have Cisco Secure Network Analytics, formerly known as Stealthwatch. There is a crypto audit functionality specific to this use case. But if you don't have that deployed, then it's not going to be quick or easy to use, since it requires deploying the application and NetFlow config.

From strictly a client + ISE authentication perspective, it's not something you'll be able to report out of ISE directly. If you're sending the RADIUS authentication logs to Splunk, then you can key off the TLSVersion="TLSv1" attribute you see in the live log details. This allows you to build a query that locates all endpoints using TLS v1/1.1/1.2/1.3, as you desire.

 

[Attachments: tls.JPG, tls-2.JPG]

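The Splunk approach from the accepted solution, worked through offline in Python as an added example (this is not code from the thread, from Cisco, or from Splunk). It parses the comma-separated key=value attributes that ISE writes into its RADIUS authentication syslog, groups each user and endpoint by the TLSVersion attribute, and renders the result as CSV that opens directly in Excel. The sample records are constructed and only approximate the real CISE_Passed_Authentications layout; the attribute names UserName, Calling-Station-ID and TLSVersion are the ones ISE uses, but every value below is fictional.

```python
"""Group ISE RADIUS authentication syslog records by TLSVersion and emit CSV.

Added example, not from the original thread. Assumes the comma-separated
key=value attribute list that ISE uses in CISE_Passed_Authentications /
CISE_Failed_Attempts syslog; the sample lines below are constructed.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample records (fictional users, MACs and NAS addresses).
# Line 5 is a PAP authentication: no TLS tunnel, so no TLSVersion attribute.
SAMPLE_LOGS = """\
<181>Mar 03 09:12:01 ise01 CISE_Passed_Authentications 0000000001 1 0 2024-03-03 09:12:01.100 +00:00 0000000101 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=alice, Calling-Station-ID=00-11-22-33-44-55, NAS-IP-Address=10.1.1.1, EapAuthentication=EAP-TLS, TLSVersion=TLSv1, TLSCipher=ECDHE-RSA-AES256-SHA,
<181>Mar 03 09:12:05 ise01 CISE_Passed_Authentications 0000000002 1 0 2024-03-03 09:12:05.300 +00:00 0000000102 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=bob, Calling-Station-ID=00-11-22-33-44-66, NAS-IP-Address=10.1.1.1, EapAuthentication=EAP-TLS, TLSVersion=TLSv1.2, TLSCipher=ECDHE-RSA-AES256-GCM-SHA384,
<181>Mar 03 09:12:09 ise01 CISE_Passed_Authentications 0000000003 1 0 2024-03-03 09:12:09.800 +00:00 0000000103 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=alice, Calling-Station-ID=00-11-22-33-44-55, NAS-IP-Address=10.1.1.2, EapAuthentication=EAP-TLS, TLSVersion=TLSv1, TLSCipher=ECDHE-RSA-AES256-SHA,
<181>Mar 03 09:12:13 ise01 CISE_Passed_Authentications 0000000004 1 0 2024-03-03 09:12:13.000 +00:00 0000000104 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=carol, Calling-Station-ID=00-11-22-33-44-77, NAS-IP-Address=10.1.1.2, EapAuthentication=PEAP, TLSVersion=TLSv1.1, TLSCipher=ECDHE-RSA-AES128-SHA,
<181>Mar 03 09:12:20 ise01 CISE_Passed_Authentications 0000000005 1 0 2024-03-03 09:12:20.000 +00:00 0000000105 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=dave, Calling-Station-ID=00-11-22-33-44-88, NAS-IP-Address=10.1.1.3, Protocol=Radius, AuthenticationMethod=PAP_ASCII,
"""

# Keys may contain spaces and hyphens (e.g. "Device IP Address", "Calling-Station-ID");
# values run to the next comma. Nested values such as Response={...} are not
# unpacked here, which is enough for the flat attributes this report needs.
KV_RE = re.compile(r"(?P<key>[A-Za-z][A-Za-z0-9 _-]*?)=(?P<val>[^,]*)")


def parse_record(line: str) -> dict:
    """Extract the key=value attributes of one ISE syslog line into a dict."""
    return {m.group("key").strip(): m.group("val").strip() for m in KV_RE.finditer(line)}


def tls_inventory(log_text: str) -> dict:
    """Map TLSVersion -> {(UserName, Calling-Station-ID): authentication count}.

    Records with no TLSVersion attribute (PAP, MSCHAP, ...) are bucketed under
    'none' so that they show up in the export rather than silently vanishing.
    """
    inventory = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        version = rec.get("TLSVersion", "none")
        key = (rec.get("UserName", "?"), rec.get("Calling-Station-ID", "?"))
        inventory[version][key] += 1
    return {version: dict(endpoints) for version, endpoints in inventory.items()}


def endpoints_using(log_text: str, version: str = "TLSv1") -> list:
    """Sorted (UserName, Calling-Station-ID, count) tuples that negotiated exactly `version`.

    Exact comparison matters: a substring match on "TLSv1" would also pull in
    TLSv1.1 and TLSv1.2, which is precisely the mistake a TLS 1.0 audit must avoid.
    """
    inv = tls_inventory(log_text)
    return sorted((user, mac, n) for (user, mac), n in inv.get(version, {}).items())


def to_csv(log_text: str) -> str:
    """Render the full inventory as CSV (TLSVersion,UserName,Calling-Station-ID,Authentications)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["TLSVersion", "UserName", "Calling-Station-ID", "Authentications"])
    for version, endpoints in sorted(tls_inventory(log_text).items()):
        for (user, mac), n in sorted(endpoints.items()):
            writer.writerow([version, user, mac, n])
    return buf.getvalue()


if __name__ == "__main__":
    print("TLS 1.0 endpoints:", endpoints_using(SAMPLE_LOGS, "TLSv1"))
    print(to_csv(SAMPLE_LOGS), end="")
```

Running the block against the constructed sample reports alice's endpoint (two authentications) as the only TLS 1.0 client, carol on TLS 1.1, bob on TLS 1.2, and dave's PAP login under "none". If the logs are already in Splunk, the same grouping is a one-liner along the lines of `TLSVersion="TLSv1" | stats count by UserName, Calling-Station-ID`, assuming the ISE add-on extracts those field names (an assumption about your Splunk setup, not something the thread confirms); the exact-match point still applies there, since a wildcard such as `TLSv1*` would match every TLS 1.x record.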

2 Replies

Do you mean when talking to ISE? ISE will only be able to see the TLS versions for traffic destined to ISE. It won't be able to see TLS versions for all traffic from an endpoint, for example.

Is TLS 1.0 even enabled on your ISE deployment? Admin > System > Settings > Protocols > Security Settings. TLS 1.0 has been disabled by default in ISE since 2.3.
