cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

4490
Views
0
Helpful
9
Replies
Beginner

TLS 1.2 on WLC GUI Management Interface

Hello, I have a WLC 5508 with Software Version 8.0 and recently I installed a certificate for the Management Interface of the WLC. I can see that the connection used TLS 1.0, I want to change it to TLS 1.2. Anyone know how I can change to TLS 1.2?

I only found this document, but I think that I need to upgrade to version 8.2

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone/ssl-tls-vulnerability-response.pdf

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

I don't thing they were

I don't thing they were recommending v8.2, they were just stating what version it was fixed. The link you had is a good link to follow on what is a preferred code.  The only reason you would use another version is because of features you require or support for a new hardware. It's a trade off as to wanting features and having stability.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

View solution in original post

9 REPLIES 9
Hall of Fame Guru

TLS 1.2 is not supported on

TLS 1.2 is not supported on AireOS 8.0.

Release 8.2 added that support as documented in the release notes here:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82.html

Beginner

Thanks Marvin, It's

Thanks Marvin, It's recommended to upgrade to AireOS 8.2? This version is stable? I found a link where Cisco TAC recommended 8.0.121.0. and 8.2 is only recommended for deployments that require new features or hardware support.

http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html

Hall of Fame Master

I don't thing they were

I don't thing they were recommending v8.2, they were just stating what version it was fixed. The link you had is a good link to follow on what is a preferred code.  The only reason you would use another version is because of features you require or support for a new hardware. It's a trade off as to wanting features and having stability.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

View solution in original post

Hall of Fame Guru

Precisely - echoing Scott's

Precisely - echoing Scott's reply.

Also be sure to check your APs for code support. Some older APs will not run post-8.0 software.

Enthusiast

Re: Precisely - echoing Scott's

Too bad Cisco didn't port back TLS1.2 to 8.0 or 8.1 release.

Cisco Employee

Yes from 8.2.100 onwards.

Highlighted

Re: TLS 1.2 on WLC GUI Management Interface

Hi Team - Was anyone able to get rid of tlsv1.0?

 

Kind Regards,

VIP Collaborator

Re: TLS 1.2 on WLC GUI Management Interface

 

 - Not possible

 M.

VIP Collaborator

Re: TLS 1.2 on WLC GUI Management Interface

 

 - As informative replies where already given, for demo purposes you can use this to enumerate the supported ciphers on your controller :

                %  nmap --script ssl-enum-ciphers -p 443 controllername

 M.

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards