
ProCurve TLS Support

 
Dale Magnant
Occasional Advisor


Hello,

Three questions:

1.) Does there exist a reference matrix depicting the TLS level supported by various HP switches?

2.) It appears, even with the latest firmware, that the HP 2810-48G (J9022A) does not support anything later than TLS 1.0. Can someone confirm this?

3.) Is there any determinant, other than simply the decision not to implement it in firmware, for which a given switch does not offer the latest TLS support? 

Thank You,

Dale

Ian Vaughan
Honored Contributor

Re: ProCurve TLS Support

Howdy,

I am sure if you speak to your local HPE/Aruba presales contact they would be able to find out the latest and greatest versions of TLS supported if you gave them the models that you have currently deployed in your Enterprise. 

If you have a 2810 it is probably well worth bringing up to date on a regular basis just as proactive defence against bugs. There is new firmware as of August 2016 - might be worth a look. The 2810 started life in about 2007 and only went End of Sale just over three years ago so it still has a little while yet before the "end of Engineering support" date. 

Pure supposition - Maybe the chipset doesn't support hardware acceleration of more recent ciphers and protocols and maybe the performance would have been impacted and that's why ultimately that line turned into the 2530 series? It did put in a six year tour of duty which is more than most :-) 

If you absolutely need to access the Web Management in a secure manner to pass an audit or suchlike, have you looked into putting a gateway box at the head of your switch management network (making it not accessible via any other means) and building a simple SSH tunnel or VPN service (Linux-based appliance or VM?) to access the devices?

Alternatively, put a network management server (IMC?) in front of the infrastructure, disable Telnet etc. and talk to the switches using only SSH and SNMPv3.

Hope that gives you some ideas. Don't be afraid of the "Kudos" and "solved" buttons if you are reading these forums and find a post helpful / informative / amusing.  

Let us know what you find out and, if needed, what steps you plan to take to meet the audit requirement.

Thanks

Ian

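One way to check directly which TLS versions a switch's HTTPS management interface will negotiate, and whether any fall below an audit floor, is to attempt one handshake per version. This is an added example and not part of either post above. The names `probe` and `below_floor` are invented here, `192.0.2.10` is a placeholder management address, and the local OpenSSL build is assumed to still offer TLS 1.0/1.1 on the client side.

```python
import socket
import ssl
import sys
import warnings

# Protocol versions to try, oldest first.
VERSIONS = [("TLS 1.0", ssl.TLSVersion.TLSv1), ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
            ("TLS 1.2", ssl.TLSVersion.TLSv1_2), ("TLS 1.3", ssl.TLSVersion.TLSv1_3)]

def probe(host, port=443, timeout=5.0):
    """Return {version: 'accepted'|'rejected'|'unreachable'|'client-unsupported'}."""
    results = {}
    for name, version in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Audit probe only: just the protocol version is tested, so skip cert checks.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx.set_ciphers("ALL:@SECLEVEL=0")  # do not refuse legacy suites locally
                ctx.minimum_version = version       # pin the handshake to exactly
                ctx.maximum_version = version       # this one protocol version
        except (ssl.SSLError, ValueError):
            results[name] = "client-unsupported"    # local OpenSSL lacks this version
            continue
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[name] = "unreachable"
            continue
        try:
            with ctx.wrap_socket(raw):
                results[name] = "accepted"
        except OSError:  # ssl.SSLError, reset or timeout during the handshake
            results[name] = "rejected"
        finally:
            raw.close()
    return results

def below_floor(results, floor="TLS 1.2"):
    """Accepted versions older than the minimum an audit requires."""
    names = [name for name, _ in VERSIONS]
    return [n for n in names[:names.index(floor)] if results.get(n) == "accepted"]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder address
    found = probe(host)
    print(found, "below TLS 1.2:", below_floor(found))
```

A "client-unsupported" result means the probing host's own OpenSSL cannot offer that version, so it says nothing about the switch.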