Beginner

How do you disable TLS Version 1.0 on Cisco WLC

How do you disable TLS Version 1.0 on Cisco WLC?

10 REPLIES
VIP Mentor

Re: How do you disable TLS Version 1.0 on Cisco WLC

Try the command below

 

(WLC) >config network secureweb cipher-option high ?

disable Don't require TLSv1.2 for web admin and web auth.
enable Require TLSv1.2 for web admin and web auth.

(WLC) >config network secureweb cipher-option high enable

 

Once you enable it, it should use only TLSv1.2

 

HTH

Rasika

*** Pls rate all useful responses ***

Beginner

Re: How do you disable TLS Version 1.0 on Cisco WLC

Hi,

I have run the command

 

(WLC) >config network secureweb cipher-option high enable

 This did not disable TLSv1.0

JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS

SSL / TLS Versions Supported

This port supports TLSv1.0/TLSv1.1/TLSv1.2

 

Regards

Raj

 

VIP Mentor

Re: How do you disable TLS Version 1.0 on Cisco WLC

After enabling it, have you reloaded the WLC?

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_011.html

 

Enable or disable secure web mode with increased security by entering this command:

config network secureweb cipher-option high {enable | disable}

This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

 

HTH

Rasika

Beginner

Re: How do you disable TLS Version 1.0 on Cisco WLC

Hi,

Yes I did reload the controller after applying the command.

Cisco TAC mentioned it's a bug in 8.3.143 code and will need to update to 8.5.

 

Regards

Raj

Beginner

Re: How do you disable TLS Version 1.0 on Cisco WLC

Do you have the BUG ID?

Rising star

Re: How do you disable TLS Version 1.0 on Cisco WLC

You are searching for CSCvk07479. Based on the bug details, there is no recent 8.3 (engineering) code available in which this issue is fixed. The 8.5 code-train is going to be the next "stable" and depending on your platform it might also be the latest supported code-train as well. My recommendation is to check if your hardware is still supported in 8.5. If this is still the case, I would start preparing for an upgrade. Please regularly check this page as well.

 

In the meantime you might consider restricting network access towards the management interface of the WLC with a firewall or with a CPU ACL on the controller itself.

Please rate useful post... :-)


Re: How do you disable TLS Version 1.0 on Cisco WLC

Team - Can anyone please confirm if there is a bug ID associated to the WLC not taking the command to disable tlsv1.0?

 

Kind Regards,

Beginner

Re: How do you disable TLS Version 1.0 on Cisco WLC

I have the same issue here, even though my WLC is running a "Fixed Version" of the software per the Bug report found here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk07479

 

Product Name..................................... Cisco Controller
Product Version.................................. 8.3.150.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 20.0

Our device is showing security vulnerabilities for running TLS1.0 but I have already run the command and reloaded, and while this resolved the problem on one of my controllers, it is not on another. They are all running the same version.

 

I need to be able to address the vulnerability, but is the fixed version info accurate if I am still having the issue running a "fixed version"?

 

VIP Advocate

Re: How do you disable TLS Version 1.0 on Cisco WLC

Please open a TAC and post the solution here if you get one.
Beginner

Re: How do you disable TLS Version 1.0 on Cisco WLC

Done and here it is:

 

Thanks for your update. In order to disable TLSv1 with this command, the WLC will need to be upgraded to version 8.5, on which it'll have the effect of disabling TLSv1.0 as well:

 

From 8.3 release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_011.html

Step 4: Enable or disable secure web mode with increased security by entering this command:

config network secureweb cipher-option high {enable | disable}

This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

 

 

From 8.5 release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/administration_of_cisco_wlc.html

Step 4: Enable or disable secure web mode with increased security by entering this command:

config network secureweb cipher-option high {enable | disable }

This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

 

When high ciphers is enabled, SHA1, SHA256, SHA384 keys continue to be listed and TLS 1.0 is disabled. This is applicable to webauth and webadmin but not for NMSP.

 

In order to solve the issue, please upgrade the WLC to 8.5.140 version:

The AP models you are using are compatible with this code. Please find below the download link:

 

https://software.cisco.com/download/home/283848165/type/280926587/release/8.5.140.0
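
To confirm from the network side whether `cipher-option high` actually removed TLS 1.0 on a given controller, the check below offers one protocol version per handshake against the management port. It is an added example, not part of the thread or of Cisco's tooling; the function names and the default port are assumptions.

```python
import socket
import ssl
import warnings

# Protocol versions to offer one at a time (labels as in the scanner output quoted above).
VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # probe only: controller certs are often self-signed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("ALL:@SECLEVEL=0")   # OpenSSL 3 will not offer TLS 1.0/1.1 above level 0
    with warnings.catch_warnings():      # pinning to legacy versions raises DeprecationWarning
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return 'accepted', 'rejected', 'unreachable' or 'client-unsupported'."""
    try:
        ctx = pinned_context(version)
    except (ValueError, ssl.SSLError):
        return "client-unsupported"      # local OpenSSL cannot speak this version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock):
            return "accepted"            # handshake completed at the pinned version
    except socket.timeout:
        return "unreachable"             # no answer is not the same as a refusal
    except OSError:                      # ssl.SSLError (alert) or reset/EOF from the server
        return "rejected"
    finally:
        sock.close()

def audit(host, port=443):
    """Probe every version in VERSIONS and return {label: state}."""
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

def tls10_verdict(results):
    """True: TLS 1.0 refused. False: still offered. None: inconclusive."""
    if results.get("TLSv1.2") != "accepted":
        return None                      # no working control handshake, so no conclusion
    return {"accepted": False, "rejected": True}.get(results.get("TLSv1.0"))
```

Run `audit()` against each controller's management address after the reload and pass the result to `tls10_verdict()`; a `None` verdict means the probing client could not complete a TLS 1.2 control handshake or could not offer TLS 1.0 itself, so the result says nothing about the controller.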
