cancel
Showing results for 
Search instead for 
Did you mean: 

Disabling TLS 1.0 and 1.1 on ZD with firmware 9.8.3 build 14

travish
New Contributor

Hi - I have started getting a security error when navigating to my ZD1100 or APs (7372s) recently.  From my understanding I may be able to disable the offending TLS versions in my system, but I do not know how under this firmware.  Is it possible?

I am not able to upgrade my firmware beyond this build.

4 REPLIES 4

syamantakomer
Community Admin
Community Admin

Hi Travish,

Try below.

Ruckus > en
Ruckus #debug
Ruckus (debug)#no tlsv1


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

travish
New Contributor

Hi and thank you very much for checking on this post for me - I appreciate it!

Here is the sequence I encounter when I attempt that:

Welcome to the Ruckus Wireless ZoneDirector 1100 Command Line Interface
ruckus> en
ruckus# debug
You have all rights in this mode.
ruckus(debug)# no tlsv1
Invalid command "no". The command is either unrecognized or incomplete. To view a list of commands that you can run from this context, type '?' or 'help'.

 

(btw I dont know how to make the command line report the build, but here is a screen shot of it from the web interface to show the version number)

travish_0-1645049325714.png

 

9.8 doesn't do TLS 1.2, so disabling 1.0 & 1.1 probably isn't a thing.

I have a Firefox 40 install I keep specifically for logging into pre-TLS1.2 equipment.

 

Dear Travish,

your EOS ZD1100 does only support 9.10.2 firmware path. There is the last release in 2021. So chances might be high that there is something that fixes your issue. If you upgrade take 9.10.2.0.130.

Resolved Issues in Build 73
• Enhanced 802.1X authentication scalability and performance on ZoneDirector. [ER-6754]
• Resolved an AP kernel memory leak issue that could eventually lead to watchdog timeout reboots. [ER-3544/ER-6666]
• Added CLI command to disable/enable TLS1.0. [ER-6623]

Br,

Mark.

PS: Your APs are even Fragattak unsecure.

Resolved Issues in Build 58
• Resolved an issue related to the WPA KRACK vulnerability. For information on security incidents and responses, see https://
www.ruckuswireless.com/security. [AP-6463]
This release fixes multiple vulnerabilities (also known as KRACK vulnerabilities) discovered in the four-way handshake stage of the
WPA protocol. The Common Vulnerabilities and Exposures (CVE) IDs that this release addresses include:
– CVE-2017-13077
– CVE-2017-13078
– CVE-2017-13079
– CVE-2017-13080
– CVE-2017-13081
– CVE-2017-13082