How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

07/14/2021 18 People found this article helpful 46,837 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

Cause

Some PCI compliance tests will fail for using lower ciphersuites like TLS 1.0 or even 1.1

Resolution

With 10.2.x firmwares,  you can choose which ciphersuites sets that will be allowed to run on the SMA 100 Series.

• Navigate  to System| Administration | Global SSL/ TLS Settings.
• There are 4 cipersuites you can choose from:
  
• Modern Compatibility- Allows only TLSv1.3
  
  
  
• Intermediate Compatibility- Allows TLSv1.3 and TLSv1.2.  By default, this ciphersuite is activated and lower ciphersuites are disabled.
  
  
• Old Backward Compatibility- Allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. 
  
  
  
  TIP: If you are using this ciphersuite and would like to disable TLSv1 and TLS1.1 and only want to use ONLY TLSv1.2, then highlight TLSv1.2 and click accept. Now TLSv1 and TLSv1.1 will not work on the SMA (But it will pass all PCI scans for TLS). If you want TLSv1.2 and TLSv1.1, use control key to highlight both and click accept. Now TLSv1 will not work.
  
  
• Custom Ciphersuites- Allows you to add custom ciphersuites apart from the TLS versions.

Related Articles

• How to secure Virtual Office portal from all external access
• NetExtender users fail to get connected throwing an Error Failed to get vpn protocol on firmware 10.2.1.2 or above due to misconfigured protocol
• Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5915?

Categories

• Secure Mobile Access > SMA 100 Series > System