THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
06-Aug-20 |
Initial Release |
1.1 |
10-Aug-20 |
Updated the Products Affected Section |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
Identity Services Engine System Software |
1 |
1.0, 1.0 MR, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.3, 1.4 |
For ISE 1.X - all versions |
NON-IOS |
Identity Services Engine System Software |
2 |
2.0, 2.0.1 |
For ISE 2.0 – all patch versions |
NON-IOS |
Identity Services Engine System Software |
2 |
2.1.0 |
For ISE 2.1 – all patch versions |
NON-IOS |
Identity Services Engine System Software |
2 |
2.2.0 |
For ISE 2.2 - up to and including Patch 10 |
NON-IOS |
Identity Services Engine System Software |
2 |
2.3.0 |
For ISE 2.3 – up to and including Patch 5 |
Defect ID | Headline |
---|---|
CSCvk10081 | ISE uses TLS 1.0 when proxy configured and TLS 1.2 if no proxy configured |
For the affected Cisco Identity Services Engine (ISE) versions, the Cisco feed service for posture updates and client provisioning via Transport Layer Security (TLS) 1.0 is no longer considered secure and has been discontinued.
When proxy connections are configured, ISE connections to external sites for posture updates and client provisioning that use TLS 1.0 are no longer considered secure. The Cisco feed service headend currently operates with TLS 1.2 for improved security.
For the affected ISE versions, proxy connections to external sites for posture updates and client provisioning will fail with an error when TLS 1.0 is used.
The posture updates error displayed on the ISE console is shown in this image.
The client provisioning error displayed on the ISE console is shown in this image.
In order to utilize TLS 1.2 for proxy connections, upgrade the ISE system software to one of these versions:
If an upgrade to the ISE system software is not immediately possible, perform the Cisco ISE Offline Updates process. To do so, see the respective Cisco Identity Services Engine Release Notes document for the ISE version used.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.