Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Web auth supporting fragmented SSL&TLS packets in 7.0.116?

Dear collegues and Cisco experts.

I hope anyone of you can reply if this is supported on thew current platform (WLC5508 sw rel 7.0.116)

I have not been able to reproduce this myself, but some problems have been reported after mid january, when KB2585542 might be the culprit.

Is the internal webauthentication portal in above platform able to handle this, or is s/w upgrade inevitable?

Does WLC guest portal w high cipeher option handle the Fragmentation  of SSL/TLS application records, as described in the following RFCs:

Environment

Windows XP Professional SP3 clients with Internet Explorer 8

Wireless lan controller cluster with redundant(2) webauthentication anchors (all AIR-CT5508-XXX-K9 sw rel 7.0.116)

Microsoft statement

"After installing MS12-006, you may experience authentication failure or loss of connectivity to some HTTPS servers. This issue occurs because this security update changes the way that records are sent to HTTPS servers. To address an information disclosure vulnerability, SChannel now implements certain ciphers used in SSL 3.0 and TLS 1.0 in a more secure fashion. The updated behaviour is fully compliant with the RFCs, but it is something that has generally not been used on the internet before

There are two fixes involved: the SChannel fix makes the new behaviour available, and a fix included in the December Cumulative Update makes Internet Explorer request that more secure option. The behaviour will change only if both are present"

Sincere regards

Mats Nilson

  
AIR-CT5508-100-K9
Everyone's tags (3)
442
Views
0
Helpful
0
Replies