How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

07/14/2021 18 People found this article helpful 200,794 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?

Cause

Some PCI compliance tests will fail for using lower ciphersuites like TLS 1.0 or even 1.1

Resolution

With 10.2.x firmwares,  you can choose which ciphersuites sets that will be allowed to run on the SMA 100 Series.

• Navigate  to System| Administration | Global SSL/ TLS Settings.
• There are 4 cipersuites you can choose from:
  
• Modern Compatibility- Allows only TLSv1.3
  
  
  
• Intermediate Compatibility- Allows TLSv1.3 and TLSv1.2.  By default, this ciphersuite is activated and lower ciphersuites are disabled.
  
  
• Old Backward Compatibility- Allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. 
  
  
  
  TIP: If you are using this ciphersuite and would like to disable TLSv1 and TLS1.1 and only want to use ONLY TLSv1.2, then highlight TLSv1.2 and click accept. Now TLSv1 and TLSv1.1 will not work on the SMA (But it will pass all PCI scans for TLS). If you want TLSv1.2 and TLSv1.1, use control key to highlight both and click accept. Now TLSv1 will not work.
  
  
• Custom Ciphersuites- Allows you to add custom ciphersuites apart from the TLS versions.

Related Articles

• Printer Redirection with RDP through Secure Mobile Access
• EPC check based on Windows version
• SMA1000: How to manage Connect Tunnel client Auto-updates

Categories

• Secure Mobile Access > SMA 100 Series > System