Is it possible to disable TLS 1.0 on the Zonedirector ZD1200 firmware version 10.1?

  • 1
  • Question
  • Updated 3 weeks ago
  • Answered
Is it possible to disable TLS 1.0 on the Zonedirector ZD1200 firmware version 10.1?
Photo of James Hicks

James Hicks

  • 2 Posts
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Ankush

Ankush, Employee

  • 73 Posts
  • 43 Reply Likes
Hi James,

TLSv1.0 is disabled in 10.1.1.0.55.
<From Release notes Text>
TLSv1.0 has been disabled in this release due to security concerns, and ZoneDirector now supports only TLSv1.1 and v1.2.

Regards,
-Ankush
Photo of Robert Lee

Robert Lee

  • 1 Post
  • 0 Reply Likes
Our ZoneDirector 1200 on 10.3.0.0 build 398 but my nessus scan reports that it has the SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
Photo of Sanjay Kumar

Sanjay Kumar, Employee

  • 30 Posts
  • 9 Reply Likes
Hi,

To understand the TLS version currently used, SSH into the AP and check the TLS version with the command "get tls-version". If the output is as below then the TLS version 1.0 is been used.

rkscli: get tls-version
Minimum TLS Version: tlsv1
OK

To disable tls 1.0 on the AP, set the tls to 1.1 or 1.2 with the below command.
rkscli:set tls-version tlsv1.2

To disable the tls version 1.0 on the Zone director, use the below command.

ruckus> en
ruckus# debug
You have all rights in this mode.
ruckus(debug)# no support-tls 1.0
Are you sure you want to change whether support TLSv1.0, If yes, it will reboot ZoneDirector.[Y/n]

Note: ZD will reboot.

Regards,
Sanjay Kumar