Application Delivery (ADX)

Reply
Regular Visitor
Posts: 1
Registered: ‎09-02-2015

ADX 1000 SI-1008-1-SSL 12.4.00wT401 TLS 1.2 Cipher-Suites

I'm having trouble getting TLS 1.2 to work on an ADX 1000 with Firmware 12.4.00W

System Version 12.4.00wT401 Apr 20 2015 17:50:03 PDT label: ASM12400w

Here's an example, this particular "domain" has an wildcard cert. Is there a break down of which cipher-suites are specific to which TLS version? Is there a method/recommendations for changing their ordering? 

ssl profile *.domain.com
keypair-file domain_wckey
certificate-file domain_wccrt
cipher-suite rsa-with-3des-ede-cbc-sha
cipher-suite rsa-with-aes-128-sha
cipher-suite rsa-with-aes-256-sha
cipher-suite rsa-export-with-des40-cbc-sha
cipher-suite rsa-export-with-rc2-cbc-md5
cipher-suite rsa-with-3des-ede-cbc-md5
cipher-suite rsa-with-des-cbc-md5
cipher-suite rsa-with-rc2-cbc-md5
cipher-suite rsa-with-des-cbc-sha
disable ssl2 ssl3
enable-certificate-chaining
ca-cert-file domain_wccrt
session-cache off


Occasional Contributor
Posts: 16
Registered: ‎06-13-2011

Re: ADX 1000 SI-1008-1-SSL 12.4.00wT401 TLS 1.2 Cipher-Suites

I'm pretty sure you'll need some flavor of 12.5 to make this work.

 

I'm running 12.5.02bT403 & TLS 1.2 is working.

 

fyi

Occasional Contributor
Posts: 5
Registered: ‎06-03-2015

Re: ADX 1000 SI-1008-1-SSL 12.4.00wT401 TLS 1.2 Cipher-Suites

I second that. I believe TLS 1.2 is only supported in 12.5 and above.

Occasional Contributor
Posts: 7
Registered: ‎11-13-2015

Re: ADX 1000 SI-1008-1-SSL 12.4.00wT401 TLS 1.2 Cipher-Suites

Hey all,

 

Correct, TLS 1.1 and 1.2 is not supported until 12.5. I would recommend going to 12.5.02e and unlock all barrel processors as the cavium chip has problems with the higher ciphers on one BP.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.