This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is it possible to disable TLS 1.0 on the Zonedirector ZD1200 firmware version 10.1?

Go to solution
james_hicks_1ll
New Contributor

‎11-12-2018 04:16 AM

Is it possible to disable TLS 1.0 on the Zonedirector ZD1200 firmware version 10.1?
1 ACCEPTED SOLUTION

Go to solution
sanjay_kumar
RUCKUS Team Member
In response to ALI

‎02-07-2024 10:21 PM

Hi @ALI 

Yes, you can use the same procedure to disable TLS 1.0 and 1.1 on the ZD

To check the version on the AP CLI:
rkscli: get tls-version
Minimum TLS Version: tlsv1
OK

To disable tls 1.0 on the AP, set the tls to 1.1 or 1.2 with the below command.
rkscli:set tls-version tlsv1.2

To disable the tls version 1.0 on the Zone director, use the below command.

ruckus> en
ruckus# debug
You have all rights in this mode.
ruckus(debug)# no support-tls 1.0
Are you sure you want to change whether support TLSv1.0, If yes, it will reboot ZoneDirector.[Y/n]

Note: ZD will reboot.

After the ZD reboot, use the command "no support-tls 1.1" to disable TLS 1.1

View solution in original post

0 Kudos
13 REPLIES 13

Go to solution
Ankush_Chandan
RUCKUS Team Member

‎11-12-2018 07:11 AM

Hi James,

TLSv1.0 is disabled in 10.1.1.0.55.
<From Release notes Text>
TLSv1.0 has been disabled in this release due to security concerns, and ZoneDirector now supports only TLSv1.1 and v1.2.

Regards,
-Ankush

Go to solution
robert_lee_joc5
New Contributor

‎11-15-2019 05:13 AM

Our ZoneDirector 1200 on 10.3.0.0 build 398 but my nessus scan reports that it has the SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
0 Kudos

Go to solution
sanjay_kumar
RUCKUS Team Member

‎11-20-2019 07:49 PM

Hi,

To understand the TLS version currently used, SSH into the AP and check the TLS version with the command "get tls-version". If the output is as below then the TLS version 1.0 is been used.

rkscli: get tls-version
Minimum TLS Version: tlsv1
OK

To disable tls 1.0 on the AP, set the tls to 1.1 or 1.2 with the below command.
rkscli:set tls-version tlsv1.2

To disable the tls version 1.0 on the Zone director, use the below command.

ruckus> en
ruckus# debug
You have all rights in this mode.
ruckus(debug)# no support-tls 1.0
Are you sure you want to change whether support TLSv1.0, If yes, it will reboot ZoneDirector.[Y/n]

Note: ZD will reboot.

Regards,
Sanjay Kumar

Go to solution
robert_lee_joc5
New Contributor
In response to sanjay_kumar

‎01-24-2021 06:02 AM

@sanjay_kumar_gols5p74yq7mn

I have a zone director 1200. 

get tls-version is not a recognized command.

I would like to turn off tlsv1.1 and only allow tlsv1.2, will this break the communication between the zone director and the ap's through ftp?

FYI, per NIST, effective June 2018, must cutover to tls 1.2 because tls 1.1 has multiple cryptographic flaws that can be exploited by a man-in-the-middle attack.

I followed your steps to disable tls 1.1 and verified it using openssl. It worked for 443 and shows only tls 1.2 is allowed but my nessus scan still shows that ftp is still using tls 1.1

Robert Lee 

0 Kudos
Copyright © 2024 Khoros, LLC