General
I have booted 9800 in 17.6.6/17.9.2 code with fixed config change - nmsp strong-cipher implemented.
tested openssl from linux server and could see controller is returning success negotiation to TLS 1.2 and decline TLS 1.1 and 1.0.
As soon as i recreated new certificate trustpoint for wireless management interface, controller reverts support for TLS 1.1. Ideally, new cert change should not modify TLS cipher-suit and version update in code. This fix is broken.
Symptom
I have booted 9800 in 17.6.6/17.9.2 code with fixed config change - nmsp strong-cipher implemented.
tested openssl from linux server and could see controller is returning success negotiation to TLS 1.2 and decline TLS 1.1 and 1.0.
As soon as i recreated new certificate trustpoint for wireless management interface, controller reverts support for TLS 1.1. Ideally, new cert change should not modify TLS cipher-suit and version update in code. This fix is broken.
Conditions
I have booted 9800 in 17.6.6/17.9.2 code with fixed config change - nmsp strong-cipher implemented.
tested openssl from linux server and could see controller is returning success negotiation to TLS 1.2 and decline TLS 1.1 and 1.0.
As soon as i recreated new certificate trustpoint for wireless management interface, controller reverts support for TLS 1.1. Ideally, new cert change should not modify TLS cipher-suit and version update in code. This fix is broken.
Workaround
Disable and enable strong-cipher.
no nmsp strong-cipher
nmsp strong-cipher
No impact on the platform.
Further Problem Description
I have booted 9800 in 17.6.6/17.9.2 code with fixed config change - nmsp strong-cipher implemented.
tested openssl from linux server and could see controller is returning success negotiation to TLS 1.2 and decline TLS 1.1 and 1.0.
As soon as i recreated new certificate trustpoint for wireless management interface, controller reverts support for TLS 1.1. Ideally, new cert change should not modify TLS cipher-suit and version update in code. This fix is broken.
