03-10-2017 06:13 AM
We run the latest version of the AnyConnect client and notice
SSL tunnel uses TLS 1.2 encapsulation
DTLS tunnel uses DTLS 1.0 encapsulation.
Research shows TLS 1.0 is not PCI compliant; where does DTLS 1.0 fit in here?
Is there a way, or a need, to migrate from DTLS 1.0 to DTLS 1.2?
Thank you
Frank
03-10-2017 10:33 AM
DTLS 1.0 is comparable to TLS 1.1, not TLS 1.0. Although DTLS 1.2 has been standardized for quite some time, it is not implemented in the ASA (as of version 9.7).
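The version mapping above can be verified on the wire rather than taken from client statistics. The following is an added example, not code from this thread or from Cisco: it parses the DTLS record header and, for a ServerHello, the negotiated version inside the handshake body, using the version encoding from RFC 4347 / RFC 6347 (DTLS 1.0 is `0xFEFF`, DTLS 1.2 is `0xFEFD`, the one's complement of the TLS version each is derived from). The ServerHello bytes are constructed here for the demonstration; the cipher suite and all-zero random are sample values only.

```python
import struct

# DTLS record-layer content types and handshake message types (RFC 6347).
HANDSHAKE = 22
APPLICATION_DATA = 23
SERVER_HELLO = 2

# DTLS versions as they appear on the wire, with the TLS version each is
# derived from.  DTLS 1.0 (0xFEFF) corresponds to TLS 1.1, DTLS 1.2 (0xFEFD)
# to TLS 1.2; there is no DTLS counterpart of TLS 1.0.
DTLS_VERSIONS = {
    (0xFE, 0xFF): ("DTLS 1.0", "TLS 1.1"),
    (0xFE, 0xFD): ("DTLS 1.2", "TLS 1.2"),
}


def version_name(major, minor):
    """Map a (major, minor) version pair to (DTLS name, TLS equivalent)."""
    return DTLS_VERSIONS.get((major, minor),
                             ("unknown (0x%02x%02x)" % (major, minor), "unknown"))


def parse_dtls_record(data):
    """Parse one DTLS record: 13-byte header, then the body.

    The record-layer version is only a hint (many clients send 0xFEFF in the
    record header of their first flight for compatibility); the version that
    actually matters is the one the server picks in its ServerHello, so that
    is extracted separately when the record carries an unfragmented ServerHello.
    """
    if len(data) < 13:
        raise ValueError("truncated DTLS record header")
    # type(1) version(2) epoch(2) sequence(6 = 2 + 4) length(2)
    ctype, major, minor, epoch, seq_hi, seq_lo, length = struct.unpack("!BBBHHIH", data[:13])
    body = data[13:13 + length]
    if len(body) < length:
        raise ValueError("record body shorter than declared length")
    rec_name, rec_tls = version_name(major, minor)
    info = {
        "content_type": ctype,
        "record_version": rec_name,
        "record_tls_equivalent": rec_tls,
        "epoch": epoch,
        "sequence": (seq_hi << 32) | seq_lo,
        "negotiated_version": None,
        "negotiated_tls_equivalent": None,
    }
    # Handshake header: type(1) length(3) message_seq(2) fragment_offset(3)
    # fragment_length(3) = 12 bytes; server_version is the first field of the
    # ServerHello body.  Only the first fragment (offset 0) carries it.
    if ctype == HANDSHAKE and len(body) >= 14 and body[0] == SERVER_HELLO \
            and int.from_bytes(body[6:9], "big") == 0:
        neg_name, neg_tls = version_name(body[12], body[13])
        info["negotiated_version"] = neg_name
        info["negotiated_tls_equivalent"] = neg_tls
    return info


def build_record(content_type, record_version, body, epoch=0, seq=0):
    """Constructed sample: wrap a body in a DTLS record header."""
    major, minor = record_version
    return struct.pack("!BBBHHIH", content_type, major, minor, epoch,
                       seq >> 32, seq & 0xFFFFFFFF, len(body)) + body


def build_server_hello_body(negotiated_version, message_seq=0):
    """Constructed sample: a minimal unfragmented ServerHello handshake message.

    Random is all zeros, session id is empty, the cipher suite (0xC02F) and
    compression method are sample values chosen for the demonstration.
    """
    major, minor = negotiated_version
    hello = bytes([major, minor]) + b"\x00" * 32 + b"\x00" + b"\xC0\x2F" + b"\x00"
    header = (bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big")
              + message_seq.to_bytes(2, "big") + (0).to_bytes(3, "big")
              + len(hello).to_bytes(3, "big"))
    return header + hello


if __name__ == "__main__":
    # Record header claims DTLS 1.0, but the server actually negotiated DTLS 1.2.
    rec = build_record(HANDSHAKE, (0xFE, 0xFF), build_server_hello_body((0xFE, 0xFD)), seq=1)
    print(parse_dtls_record(rec))
    # Application data after the handshake: no negotiated version is visible here.
    print(parse_dtls_record(build_record(APPLICATION_DATA, (0xFE, 0xFD), b"\x01\x02\x03", epoch=1, seq=7)))
```

To use it on a real tunnel, feed it the UDP payloads from a capture of the DTLS handshake (the ServerHello direction); reading only the record header of the client's first flight will often report DTLS 1.0 even when DTLS 1.2 ends up being negotiated, which is why the ServerHello version is what the check reports.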
03-10-2017 10:55 AM
Hi Karsten,
Yes, I just saw a document stating that DTLS 1.0 is based on the TLS 1.1 standard, so DTLS 1.0 appears to be fine. Thank you for confirming, though!
I guess we will look forward to the AnyConnect client update sometime in the future.
Thanks
Frank
11-08-2018 04:00 AM
Cisco has enabled TLS v1.2 support for DTLS-based VPN connections with the AOS 9.10 code train. To establish DTLS-based VPN connections using TLS v1.2 you need to use the Cisco AnyConnect 4.7 client, which is not (yet) officially released but is available as an alpha (or beta) version.
06-03-2021 06:45 AM
Hi, what's the most secure setting to use here: