How can I turn off TLS 1.0 or 1.1 on SMA 100 Series appliances?
Some PCI compliance tests fail when the appliance accepts older protocol versions such as TLS 1.0 or even 1.1.
With 10.2.x firmware, you can choose which ciphersuite sets are allowed to run on the SMA 100 Series.
Navigate to System | Administration | Global SSL/TLS Settings.
There are 4 ciphersuites you can choose from:
Modern Compatibility - Allows only TLSv1.3.
Intermediate Compatibility - Allows TLSv1.3 and TLSv1.2. By default, this ciphersuite is activated and lower ciphersuites are disabled.
Old Backward Compatibility - Allows TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.
TIP: If you are using this ciphersuite and would like to disable TLSv1 and TLSv1.1 and use ONLY TLSv1.2, highlight TLSv1.2 and click Accept. TLSv1 and TLSv1.1 will then no longer work on the SMA (but it will pass all PCI scans for TLS). If you want TLSv1.2 and TLSv1.1, hold the Control key to highlight both and click Accept. TLSv1 will then no longer work.
Custom Ciphersuites - Allows you to add custom ciphersuites apart from the TLS versions.
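To confirm the setting took effect before the next PCI scan, the following added example (not SonicWall code) attempts one handshake per TLS version against your own appliance and compares the result with the versions the selected ciphersuite set should allow. The function names, the host placeholder and port 443 are assumptions.

```python
import socket
import ssl
import sys

# Protocol versions each ciphersuite set allows, as listed in this article.
PROFILES = {
    "modern": {"TLSv1.3"},
    "intermediate": {"TLSv1.2", "TLSv1.3"},
    "old": {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"},
}
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def probe(host, port, name, timeout=5.0):
    """True if the server completes a handshake pinned to exactly one version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate
    try:
        # Recent OpenSSL builds refuse TLS 1.0/1.1 locally unless the security
        # level is lowered; without this a refusal could be the client's own.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, ConnectionResetError):
        return False                 # handshake rejected

def audit(allowed, accepted):
    """Compare probe results {version: bool} with the set that should be allowed."""
    return {
        "unexpected": sorted(v for v, ok in accepted.items() if ok and v not in allowed),
        "missing": sorted(v for v, ok in accepted.items() if not ok and v in allowed),
    }

if __name__ == "__main__":
    host, profile = sys.argv[1], sys.argv[2]   # e.g. sma.example.test intermediate
    results = {name: probe(host, 443, name) for name in VERSIONS}
    print(results, audit(PROFILES[profile], results))
```

For the TIP case (Old Backward Compatibility with only TLSv1.2 highlighted), pass `{"TLSv1.2"}` to `audit` instead of a profile. If the local OpenSSL build was compiled without TLS 1.0/1.1, those probes report False regardless of the appliance setting.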