CommScope RUCKUS Community Forums

MWSS · ‎07-05-2023

Hello,

I'm tidying up ready for our pen test later in the year. Last year the management address for our unleashed network reported the below vulnerabilities.

TLS Version 1.0 Protocol Detection
SSL Medium Strength Cipher Suites Supported (SWEET32)
SSL RC4 Cipher Suites Supported (Bar Mitzvah)

I've confirmed that tls 1.0 and 1.1 support is enabled. Can I safely disable this and how?

and do you have any advice on the cipher suites?

we're currently running firmware 200.13.6.1.319

kind regards

MWSS

Vineet_nejwala · ‎07-05-2023

Hi @MWSS

Kindly follow below :

Please login: admin
Password:
Welcome to Ruckus Unleashed Network Command Line Interface
ruckus>
ruckus> enable
ruckus#
ruckus# debug
ruckus(debug)#
ruckus(debug)# show tls
TLS= Support TLS 1.0 and TLS 1.1

If it shows that it will support both TLS 1.0 and TLS 1.1, then disable via below :

ruckus(debug)# no support-tls 1.0-1.1
Are you sure you want to change whether support TLSv1.0 and TLSv1.1, If yes, it will reboot Master.[Y/n] Y

Once the AP reboots and comes back online, SSH to the Master AP and execute the same "show tls" command under the debug mode. It should show "Not support TLS 1.0 and TLS 1.1" as shown in the below output.

ruckus>
ruckus> enable
ruckus#
ruckus# debug
ruckus(debug)#
ruckus(debug)# show tls
TLS= Not support TLS 1.0 and TLS 1.1

Best Regards

Vineet

MWSS · ‎07-07-2023

thank you.

there is no impact when disabling?

Vineet_nejwala · ‎07-07-2023

In vSZ it does cause some service to restart hence better to disable while off time.

Best Regards

Vineet

CommScope RUCKUS Community Forums

TLS 1.0 and 1.1 & cipher suites - Ruckus Unleashed - r650