How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

Description

How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

Cause

Some PCI compliance tests fail when older protocol versions such as TLS 1.0 or even TLS 1.1 are enabled.

Resolution

With 10.2.x firmware, you can choose which ciphersuite sets are allowed to run on the SMA 100 Series.

  • Navigate to System | Administration | Global SSL/TLS Settings.
  • There are 4 ciphersuites you can choose from:
  • Modern Compatibility - Allows only TLSv1.3.

  • Intermediate Compatibility - Allows TLSv1.3 and TLSv1.2. By default, this ciphersuite is activated and lower TLS versions are disabled.

  • Old Backward Compatibility - Allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.

    TIP: If you are using this ciphersuite and want to disable TLSv1 and TLSv1.1 and use only TLSv1.2, highlight TLSv1.2 and click Accept. TLSv1 and TLSv1.1 will then not work on the SMA, and it will pass all PCI scans for TLS. If you want TLSv1.2 and TLSv1.1, hold the Control key to highlight both and click Accept. TLSv1 will then not work.

  • Custom Ciphersuites - Allows you to add custom ciphersuites apart from the TLS versions.
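
To confirm the setting took effect before the next PCI scan, the added example below (not SonicWall code) attempts one handshake per TLS version against the appliance and reports any version the selected set should not accept. The port 443, the profile keys `modern`, `intermediate` and `old`, and the file name `check_tls.py` are assumptions of this example; for the TIP case, pass `{"TLSv1.2"}` as the allowed set.

```python
import socket
import ssl
import sys
import warnings

# Protocol versions each profile allows, as listed in the article.
PROFILES = {"modern": {"TLSv1.3"}, "intermediate": {"TLSv1.2", "TLSv1.3"},
            "old": {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}}
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port, name, timeout=5.0):
    """True: handshake pinned to `name` completed. False: the server refused it.
    None: inconclusive (host unreachable, or local OpenSSL cannot offer it)."""
    if not getattr(ssl, "HAS_" + name.replace(".", "_"), False):
        return None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol check only, certificate not validated
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # lets OpenSSL 3 offer TLS 1.0/1.1
        with warnings.catch_warnings():  # old versions raise DeprecationWarning
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = VERSIONS[name]
            ctx.maximum_version = VERSIONS[name]
        sock = socket.create_connection((host, port), timeout=timeout)
    except (ValueError, OSError):  # ssl.SSLError is a subclass of OSError
        return None
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version() == name
    except (ssl.SSLError, ConnectionResetError):
        return False  # TLS alert or reset during the handshake: version refused
    except OSError:
        return None  # for example a handshake timeout
    finally:
        sock.close()

def audit(results, allowed):
    """Return (versions accepted but not allowed, versions with no clear answer)."""
    unexpected = sorted(v for v, ok in results.items() if ok and v not in allowed)
    unknown = sorted(v for v, ok in results.items() if ok is None)
    return unexpected, unknown

if __name__ == "__main__":  # usage: python check_tls.py <host> [profile]
    profile = sys.argv[2] if len(sys.argv) > 2 else "intermediate"
    results = {v: probe(sys.argv[1], 443, v) for v in VERSIONS}
    unexpected, unknown = audit(results, PROFILES[profile])
    print(results, "unexpected:", unexpected, "inconclusive:", unknown)
    sys.exit(1 if unexpected or unknown else 0)
```

A `False` for TLSv1 or TLSv1.1 is only meaningful if the local OpenSSL build and system crypto policy let the client offer those versions; otherwise the handshake fails locally and looks like a refusal.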


 
