
TLS v1.2 Weak Cipher suites on PSN

oumodom
Level 1

Dear Cisco ISE, 

Currently we have a vulnerability scan within our lab, and it found the weak cipher suites below:

oumodom_0-1736497400816.png

Please let us know whether we are running the weak cipher suites above or not.
Does ISE only use CBC or GCM if we are running EAP-TLS and MSCHAPv2?
If the supplicant is Windows 11 with Secure Client, does it automatically run TLS v1.2?

Accepted Solution

Arne Bier
VIP

Out of curiosity, what version of ISE are you using?  Are you able to configure TLS 1.3 for your test?  It appears that you can't disable TLS 1.2 though.

What Security Settings are in place during your test?

ArneBier_0-1736545451368.png

You can also manually configure the ciphers if needed ...

ArneBier_1-1736545576950.png

11 Replies

@oumodom from ISE 3.3 you can select ciphers to enable/disable. The guide below has a list of supported ciphers and describes how to select the ciphers to use.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-33/221570-configure-ciphers-in-ise-3-3-and-later.html

Please note that currently this configuration is not relevant for ISE as an EAP server.

@mbuzaglo Could you elaborate more on your idea?

Arne Bier
VIP

Regarding the EAP Server component in ISE, you asked the questions:

  • Does ISE only use CBC or GCM if we are running EAP-TLS and MSCHAPv2?
    If the supplicant is Windows 11 with Secure Client, does it automatically run TLS v1.2?

I ran a wpa_supplicant eapol_test (version 2.10) test against ISE 3.4 p1 and captured the Server Hello from ISE. By default, the eapol_test client will try TLS 1.2 during the Client-Hello (which is consistent with most OS supplicants) - and ISE responds accordingly:

ArneBier_2-1736546459841.png

In ISE Live Logs Details pane:

ArneBier_4-1736547248184.png

With eapol_test, you can force TLS versions to test the EAP server support. I did that by disabling all TLS versions except 1.3 and ISE supports it (ISE 3.4 p1) - whether Windows/iOS/MAC/SecureClient supplicants support this, is not clear to me:

ArneBier_5-1736547397240.png

ArneBier_3-1736546999308.png

Here is my eapol_test config file:

eapol_version=3
network={
         phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0"
         ssid="example"
         bssid=00:11:22:33:44:55
         proto=WPA
         key_mgmt=WPA-EAP
         eap=TLS
         identity="host/demopc.rnlab.local"
         #ca_cert="/home/abier/wpa/RNLAB-ROOTCA.pem"
         client_cert="/home/abier/wpa/demopc.cert"
         private_key="/home/abier/wpa/demopc.key"
         eapol_flags=3
}
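The phase1 trick in the config above (disable every TLS version except one, then see whether ISE completes the EAP-TLS exchange) generalizes into a small sweep. The Python below is an added example, not code from the thread or from the wpa_supplicant project: it renders one eapol_test config per TLS version in the same layout as the posted file and runs each with the eapol_test -c/-a/-s options. The server address, shared secret, identity and certificate paths are placeholders, and it assumes eapol_test is on PATH and prints SUCCESS when an authentication completes.

```python
import os
import shutil
import subprocess
import tempfile

TLS_VERSIONS = ("1.0", "1.1", "1.2", "1.3")


def phase1_for(version: str) -> str:
    """Build the wpa_supplicant phase1 string that disables every TLS version
    except `version`; phase1_for("1.3") reproduces the line in the posted config."""
    if version not in TLS_VERSIONS:
        raise ValueError(f"unknown TLS version {version!r}")
    return " ".join(
        f"tls_disable_tlsv{v.replace('.', '_')}={0 if v == version else 1}"
        for v in TLS_VERSIONS
    )


def eapol_config(version, identity, client_cert, private_key, ca_cert=None):
    """Render an eapol_test network block for EAP-TLS pinned to one TLS version.
    Layout follows the posted config; ca_cert is optional (it was commented out
    in the post), but validating the server certificate is the safer choice."""
    ca_line = f'         ca_cert="{ca_cert}"\n' if ca_cert else ""
    return (
        "eapol_version=3\n"
        "network={\n"
        f'         phase1="{phase1_for(version)}"\n'
        '         ssid="example"\n'
        "         bssid=00:11:22:33:44:55\n"
        "         proto=WPA\n"
        "         key_mgmt=WPA-EAP\n"
        "         eap=TLS\n"
        f'         identity="{identity}"\n'
        f"{ca_line}"
        f'         client_cert="{client_cert}"\n'
        f'         private_key="{private_key}"\n'
        "         eapol_flags=3\n"
        "}\n"
    )


def run_eapol_test(server, secret, version, identity, client_cert, private_key,
                   ca_cert=None, timeout=60):
    """Run eapol_test once with a config pinned to `version`.
    Returns True/False for SUCCESS/FAILURE, or None when eapol_test is not installed.
    Assumption: eapol_test prints the word SUCCESS on a completed authentication."""
    exe = shutil.which("eapol_test")
    if exe is None:
        return None
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as f:
        f.write(eapol_config(version, identity, client_cert, private_key, ca_cert))
    try:
        proc = subprocess.run([exe, "-c", path, "-a", server, "-s", secret],
                              capture_output=True, text=True, timeout=timeout)
        return "SUCCESS" in proc.stdout
    finally:
        os.unlink(path)


def sweep_tls_versions(server, secret, identity, client_cert, private_key, ca_cert=None):
    """Map each TLS version to the eapol_test outcome against `server`."""
    return {v: run_eapol_test(server, secret, v, identity, client_cert, private_key, ca_cert)
            for v in TLS_VERSIONS}


if __name__ == "__main__":
    # Placeholders: replace with your PSN address, RADIUS shared secret and certificate paths.
    results = sweep_tls_versions("192.0.2.10", "radius-secret", "host/demopc.example.local",
                                 "/path/to/demopc.cert", "/path/to/demopc.key",
                                 ca_cert="/path/to/root-ca.pem")
    for version, ok in results.items():
        state = "not run (eapol_test not found)" if ok is None else ("SUCCESS" if ok else "FAILURE")
        print(f"TLS {version}: {state}")
```

A version that fails for every server you test against is not necessarily a server problem: the TLS 1.0/1.1 rows are expected to fail against a hardened ISE, and that is the result you want to see.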


So helpful for my inquiry @Arne Bier, as our ISE lab is running v3.1 P9.
I can see mine is using TLS v1.2 with TLSCipher ECDHE-RSA-AES256-GCM-SHA384.

So how do I list all the cipher suites Cisco ISE supports in the CLI? And how do I disable the weak cipher suites below?

oumodom_0-1736759806649.png

You can't manage the TLS ciphers through the ISE CLI. You must do that through the GUI (please see the screenshots I posted earlier). The ISE CLI allows you to manage the SSH protocols a bit better.

From the lab I configured, I noticed the cipher suite depends on the supplicant's selection from the Client Hello message, not on Cisco ISE's selection.

If so, is there any standard workflow/document from Cisco for selecting the best cipher suite between endpoint and ISE? And is there any mention that an endpoint running the Secure Client agent requires TLS v1.2 as mandatory for the cipher suite?

I raised this idea because, in case the endpoint/supplicant has a Client Hello message with a weak cipher suite, it would be breakable by an attacker.

What is your idea @Arne Bier @Rob Ingram on the above concern?

Please refer to the figure below.
There are 21 cipher suites from the endpoint in the Client Hello.

oumodom_1-1737520607673.png

While the Server Hello provided the highest one to the endpoint.

oumodom_2-1737520745572.png

I don't know what the RFC says (maybe need to research that a bit) but it was my understanding that it's the Authenticating Server (ISE) that has the final say, after it compares the Client Hello capabilities against its own - and in the ISE code there must be some ranking that takes the best of the available ciphers. All we can do in the ISE GUI is to deselect the ones we don't want to use (even if the client supports them).  Whatever ciphers remain in the list of candidates will determine the winner - and I don't know how ISE selects - I would hope it's following some industry standard that e.g. prefers GCM over CBC etc.

Are you satisfied with what you see in the Server Hello, or did you expect a different result?

I don't think TLS 1.2 is susceptible to a downgrade attack.  If you want an excellent guide on TLS, you should check out the work by Ed Harmoush. He has some great videos and podcast appearances and also offers paid for training on TLS (for the ultimate TLS nerds).  Check out his talk on TLS 1.3 on this packet pushers podcast episode. He would know the answer to this instantly.
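To make the Client Hello / Server Hello exchange captured above and the point about who has the final say concrete, here is an added example (not code from the thread, from Cisco, or from any ISE component). It builds a constructed TLS 1.2 ClientHello and ServerHello, parses the offered and selected cipher suite ids back out, flags the suites a scanner would call weak (CBC mode, SHA-1 HMAC, 3DES, static RSA key exchange), and shows how the result differs when the server's preference order is applied versus the client's. The client offer and the server list are constructed samples; ISE's actual internal ordering is not documented in this thread, so SERVER_LIST is a hypothetical GCM-first policy, and the name table is a small subset of the IANA registry.

```python
import struct

# IANA cipher suite id -> OpenSSL-style name. Subset only: it covers the
# constructed sample below and the suite ISE picked in this thread (0xC030).
SUITES = {
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
    0xC024: "ECDHE-ECDSA-AES256-SHA384",
    0xC028: "ECDHE-RSA-AES256-SHA384",
    0xC014: "ECDHE-RSA-AES256-SHA",
    0x009D: "AES256-GCM-SHA384",
    0x0035: "AES256-SHA",
    0x000A: "DES-CBC3-SHA",
}

# Constructed sample: a client that lists its CBC/SHA-1 suites first, and a hypothetical
# server list in GCM-first order. ISE's real internal ordering is not documented in the thread.
CLIENT_OFFER = [0xC014, 0x0035, 0x000A, 0xC028, 0xC030, 0xC02C, 0x009D, 0x1302]
SERVER_LIST = [0xC02C, 0xC030, 0xC024, 0xC028, 0xC014, 0x0035]

def _record(msg_type, body):
    """Wrap a handshake body in a Handshake header and a TLS 1.2 record header."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs

def build_client_hello(suites):
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + b"\x00\x00"                          # null compression, no extensions
    return _record(1, body)

def build_server_hello(suite):
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(2, body)

def _handshake_body(record, expected_type):
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + rlen]
    if hs[0] != expected_type:
        raise ValueError(f"expected handshake type {expected_type}, got {hs[0]}")
    return hs[4:4 + int.from_bytes(hs[1:4], "big")]

def parse_client_hello_suites(record):
    """Cipher suite ids offered in a ClientHello, in the client's order."""
    body = _handshake_body(record, 1)
    pos = 2 + 32 + 1 + body[2 + 32]                  # skip version, random, session id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    return [struct.unpack("!H", body[pos + 2 + i:pos + 4 + i])[0] for i in range(0, n, 2)]

def parse_server_hello_suite(record):
    """The single cipher suite id the server selected in its ServerHello."""
    body = _handshake_body(record, 2)
    pos = 2 + 32 + 1 + body[2 + 32]
    return struct.unpack("!H", body[pos:pos + 2])[0]

def suite_name(sid):
    return SUITES.get(sid, f"UNKNOWN_0x{sid:04X}")

def weaknesses(sid):
    """Reasons a scanner would flag this suite; an empty list means no finding."""
    name = suite_name(sid)
    if name.startswith("UNKNOWN"):
        return ["suite id not in table"]
    if name.startswith("TLS_"):          # TLS 1.3 suites: AEAD only, ephemeral key exchange only
        return []
    reasons = []
    if not name.startswith(("ECDHE-", "DHE-")):
        reasons.append("no forward secrecy (static RSA key exchange)")
    if "DES-CBC3" in name:
        reasons.append("3DES (64-bit block, Sweet32)")
    if "GCM" not in name and "CHACHA20" not in name:
        reasons.append("CBC mode (MAC-then-encrypt, padding-oracle history)")
    if name.endswith("-SHA"):
        reasons.append("SHA-1 HMAC")
    return reasons

def negotiate(offered, server_list, server_preference=True):
    """Pick the first common suite walking the server's list (server preference)
    or the client's list (client preference), as a TLS server would."""
    order = server_list if server_preference else offered
    common = [s for s in order if s in offered and s in server_list]
    return common[0] if common else None

def audit(client_hello, server_hello):
    """Summarise one captured handshake: offered suites, chosen suite, weak ones."""
    offered = parse_client_hello_suites(client_hello)
    chosen = parse_server_hello_suite(server_hello)
    return {"offered": [suite_name(s) for s in offered],
            "weak_offered": {suite_name(s): weaknesses(s) for s in offered if weaknesses(s)},
            "chosen": suite_name(chosen), "chosen_weak": weaknesses(chosen)}

if __name__ == "__main__":
    chosen = negotiate(CLIENT_OFFER, SERVER_LIST)
    print(audit(build_client_hello(CLIENT_OFFER), build_server_hello(chosen)))
    print("client preference would have picked:",
          suite_name(negotiate(CLIENT_OFFER, SERVER_LIST, server_preference=False)))
```

The practical takeaway is the one Arne describes: a weak suite in the Client Hello only matters if the server is willing to pick it. With a server list that simply does not contain CBC/SHA-1 suites, negotiate() can never return one no matter how the client orders its offer, which is what deselecting ciphers in the ISE GUI achieves. The parsers here only handle plain records as built above; a real capture from Wireshark or eapol_test may carry extensions and session ids, which the offsets tolerate but the builder does not generate.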

I have no objection to your idea, and it would make sense for the decision making to come from ISE, not from the endpoint.
What the priority/order of the cipher suites is, is the key thing to be documented by Cisco as the vendor.

The best we have is what's mentioned in the Admin Guide under Cipher Suites. But the order of selection is not mentioned. Perhaps it's obvious that 384 will be chosen over 256 etc. And also, you can elect to disable RSA and use ECDSA instead, so you can constrain the ISE-supported ciphers to suit your organization's needs. This of course will only work if your end devices support what ISE supports. It looks like ISE has a very good and up-to-date cipher suite.

Regarding the documentation, at the very top of the link I posted above, you can give Cisco direct feedback to please clarify this process

ArneBier_0-1737579236946.png