11-12-2018 04:16 AM
Solved! Go to Solution.
02-07-2024 10:21 PM
Hi @ALI
Yes, you can use the same procedure to disable TLS 1.0 and 1.1 on the ZD
To check the version on the AP CLI:
rkscli: get tls-version
Minimum TLS Version: tlsv1
OK
To disable tls 1.0 on the AP, set the tls to 1.1 or 1.2 with the below command.
rkscli:set tls-version tlsv1.2
To disable the tls version 1.0 on the Zone director, use the below command.
ruckus> en
ruckus# debug
You have all rights in this mode.
ruckus(debug)# no support-tls 1.0
Are you sure you want to change whether support TLSv1.0, If yes, it will reboot ZoneDirector.[Y/n]
Note: ZD will reboot.
After the ZD reboot, use the command "no support-tls 1.1" to disable TLS 1.1
11-12-2018 07:11 AM
11-15-2019 05:13 AM
11-20-2019 07:49 PM
01-24-2021 06:02 AM
I have a zone director 1200.
get tls-version is not a recognized command.
I would like to turn off tlsv1.1 and only allow tlsv1.2, will this break the communication between the zone director and the ap's through ftp?
FYI, per NIST, effective June 2018, must cutover to tls 1.2 because tls 1.1 has multiple cryptographic flaws that can be exploited by a man-in-the-middle attack.
I followed your steps to disable tls 1.1 and verified it using openssl. It worked for 443 and shows only tls 1.2 is allowed but my nessus scan still shows that ftp is still using tls 1.1
Robert Lee