03-24-2016 03:43 PM - edited 07-05-2021 04:49 AM
Hello, I have a WLC 5508 with Software Version 8.0 and recently I installed a certificate for the Management Interface of the WLC. I can see that the connection used TLS 1.0, I want to change it to TLS 1.2. Anyone know how I can change to TLS 1.2?
I only found this document, but I think that I need to upgrade to version 8.2
Thanks
Solved! Go to Solution.
03-28-2016 06:22 AM
I don't thing they were recommending v8.2, they were just stating what version it was fixed. The link you had is a good link to follow on what is a preferred code. The only reason you would use another version is because of features you require or support for a new hardware. It's a trade off as to wanting features and having stability.
-Scott
*** Please rate helpful posts ***
03-26-2016 07:30 PM
TLS 1.2 is not supported on AireOS 8.0.
Release 8.2 added that support as documented in the release notes here:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82.html
03-27-2016 09:18 PM
Thanks Marvin, It's recommended to upgrade to AireOS 8.2? This version is stable? I found a link where Cisco TAC recommended 8.0.121.0. and 8.2 is only recommended for deployments that require new features or hardware support.
http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html
03-28-2016 06:22 AM
I don't thing they were recommending v8.2, they were just stating what version it was fixed. The link you had is a good link to follow on what is a preferred code. The only reason you would use another version is because of features you require or support for a new hardware. It's a trade off as to wanting features and having stability.
-Scott
*** Please rate helpful posts ***
03-28-2016 06:27 AM
Precisely - echoing Scott's reply.
Also be sure to check your APs for code support. Some older APs will not run post-8.0 software.
04-05-2019 02:12 AM - edited 04-05-2019 02:14 AM
Too bad Cisco didn't port back TLS1.2 to 8.0 or 8.1 release.
03-27-2016 07:19 PM
Yes from 8.2.100 onwards.
Refer the link : http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone/ssl-tls-vulnerability-response.pdf
12-17-2018 09:46 AM
Hi Team - Was anyone able to get rid of tlsv1.0?
Kind Regards,
04-05-2019 07:51 AM
- Not possible
M.
04-05-2019 07:55 AM
- As informative replies where already given, for demo purposes you can use this to enumerate the supported ciphers on your controller :
% nmap --script ssl-enum-ciphers -p 443 controllername
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide