THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
16-Jun-20 |
Initial Release |
1.1 |
25-Nov-20 |
Updated the Products Affected, Defect Information, Problem Description, Problem Symptom, and Workaround/Solution Sections |
1.2 |
27-Apr-21 |
Updated the Problem Description Section |
1.3 |
10-Nov-21 |
Updated the Products Affected, Defect Information, Problem Description, Problem Symptom, and Workaround/Solution Sections |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
AsyncOS for WSA |
10 |
10.0.0, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.5.1, 10.5.1_LD, 10.5.2 |
|
NON-IOS |
AsyncOS for WSA |
11 |
11.0.0, 11.5.1, 11.5.3 |
|
NON-IOS |
AsyncOS for Content Security Management Appliance (SMA) |
10.1 |
10.1.0 |
|
NON-IOS |
AsyncOS for Secure Email |
12 |
12.0.0, 12.1.0, 12.5.0 |
|
NON-IOS |
AsyncOS for Secure Email |
13 |
13.5.1 |
Defect ID | Headline |
---|---|
CSCvu51905 | [SMA] - Limitation: Software Version does not support TLS1.0/1.1 |
CSCvu51814 | [WSA] - Limitation: Software Version does not support TLS1.0/1.1 |
CSCvu51802 | [ESA] - Limitation: Software Version does not support TLS1.0/1.1 |
As of 2021-06-30, Transport Layer Security (TLS) Versions 1.0 and 1.1 will no longer be supported by the Cisco Threat Grid service. After this date, all Advanced Malware Protection (AMP) enabled devices that submit samples to Cisco Threat Grid for dynamic file analysis will be required to support TLS Version 1.2. This change affects the Secure Email Gateway (ESA), Web Security Appliance (WSA), and Security Management Appliance (SMA) devices that have AMP subscriptions and submit samples to Cisco Threat Grid for analysis.
The Internet Engineering Task Force (IETF) has officially deprecated TLS Versions 1.0 and 1.1 and has advised all users to use TLS Version 1.2 or later. In order to meet the IETF recommendation, Cisco has been transitioning all products to support the TLS Version 1.2 or later protocols, which includes the Cisco Threat Grid service.
ESA, WSA, and SMA appliances that run TLS Version 1.1 or earlier will encounter a TLS communication error, and report submissions to the Cisco Threat Grid service will fail.
ESA
If you run:
WSA
If you run:
SMA
If you run Version 10.x of AsyncOS for SMA, upgrade to AsyncOS for SMA 11.0.1-152 or later.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance