A

1 Message

 • 

70 Points

Fri, May 28, 2021 12:52 PM

Client sent me this request about TLS and I'm not sure how to respond.

"Can you see if our we can update the firmware in our Ruckus equipment?  We have TLS1.0 and need 1.3.  They are popping up in vulnerability scans that the lower TLS level is a weak spot in the system and need updating."

They have 2 R320 AP's (v. 200.9.10.4.212) and a 7150-C12 switch.

I'm unsure if updating the firmware will solve their issue.  I wanted to reach out here before I blindly updated and see if anyone could provide an answer.

Thank you,

-Adam

Employee

 • 

103 Messages

 • 

1.5K Points

6 m ago

Hi Adam,

I would suggest to try the below and perform a scan again (the commands are disable weak tls cipher) :

SSH to the Unleashed Master and execute the below commands:


ruckus> enable
ruckus# debug
ruckus(debug)# show tls
TLS= Support TLS 1.0 and TLS 1.1
ruckus(debug)# no support-tls 1.0-1.1
Are you sure you want to change whether support TLSv1.0 and TLSv1.1, If yes, it will reboot Master.[Y/n]
Y

Once the AP reboots and comes back online, SSH to the Master AP and execute the same "show tls" command under the debug mode. It will show "Not support TLS 1.0 and TLS 1.1"

ruckus>
ruckus> enable
ruckus#
ruckus# debug
ruckus(debug)#
ruckus(debug)# show tls
TLS= Not support TLS 1.0 and TLS 1.1

Best Regards

Vineet

Important Announcement