Aruba & ProVision-based

1820-8G switch (J9979A) with letsencrypt certificate, TLS problem

 
errgo
Frequent Visitor

1820-8G switch (J9979A) with letsencrypt certificate, TLS problem

Apologies if this is in the wrong forum.  I saw Aruba mentioned with the 1820 switches somewhere and didn't see a better match.  If this should be on a different forum, please advise.  Maybe Networking->Legacy->Switches, Hubs, and Modems would be more appropriate.

HP 1820-8G switch (J9979A);  Firmware version: PT.02.12 (latest, as of 06/04/2021)

I've created a letsencrypt certificate and uploaded the appropriate files to the switch.  I can now connect to the switch with SSL (https), but firefox and chrome both complain the site is not secure, Chrome with "net::ERR_SSL_OBSOLETE_VERSION", and firefox with a "weak encryption" error and their security dialogs both show a TLS 1.0 connection..

So it appears the switch only supports TLS 1.0.  If this is wrong, is there some way to enable support for modern TLS versions.  If I'm correct, are there plans to update the switch with support for TLS 1.2 et al.?

Thanks,

Roger

2 REPLIES 2
akg7
HPE Pro

Re: 1820-8G switch (J9979A) with letsencrypt certificate, TLS problem

Hello,

It seems it was a bug into older version and it was fixed into lates version  PT.02.12 - Latest build which was released on 6th May, 2021. Please refer below release notes.

https://www.arubanetworks.com/techdocs/P-code/RN/5200-8202.pdf

 

Version 02.11
Web UI
CR_254616
Symptom/Scenario: When using the Chrome browser, the browser reports the SSL certificate is invalid.
Workaround: Use the Internet Explorer or Firefox web browsers. PD0216-02
Symptom/Scenario: Non-default HTTP/HTTPS session timeout values are not preserved following a
reboot.

Are you using latest version?

Thanks!

I am an HPE Employee

Accept or Kudo

errgo
Frequent Visitor

Re: 1820-8G switch (J9979A) with letsencrypt certificate, TLS problem

Hello,

Thanks for the response, but as stated in my message, I'm already using PT.02.12.  The release notes recommend a workaround, i.e. to use firefox or IE, but this isn't a fix at all.  They're just recommending you use a browser that still supports TLS 1.0, and even firefox has now deprecated it, so the only browser in the list they mention that works without complaint is IE.  What I'm hoping for in a "fix" is support for modern versions of TLS.

Thanks,

Roger