THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
2.0 |
22-Feb-22 |
Updated the Problem Description and Problem Symptom Sections |
1.1 |
10-Nov-21 |
Updated the Products Affected, Defect Information, Problem Symptom, and Workaround/Solution Sections |
1.0 |
21-Jun-21 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
AsyncOS for WSA |
10 |
10.1.0, 10.1.1, 10.1.2, 10.1.3 |
|
NON-IOS |
AsyncOS for WSA |
11 |
11.7.0, 11.7.1, 11.7.2, 11.8.0, 11.8.0(refresh), 11.8.0-453, 11.8.1 |
|
NON-IOS |
AsyncOS for WSA |
12 |
12.0.1, 12.0.1 GD, 12.5.1, 12.5.1 GD |
|
NON-IOS |
AsyncOS for Secure Email |
12 |
12.0.0, 12.1.0, 12.5.0 |
|
NON-IOS |
AsyncOS for Secure Email |
13 |
13.5.1 |
Defect ID | Headline |
---|---|
CSCvv70262 | [WSA] Support TLS1.2 For AMP SSL communication & TLS1.0 and 1.1 removal for AMP |
CSCvv69035 | [ESA] Support TLS1.2 For AMP SSL communication & TLS1.0 and 1.1 removal for AMP |
As of 2022-02-28, Transport Layer Security (TLS) Versions 1.0 and 1.1 will no longer be supported by the Cisco Advanced Malware Protection (AMP) cloud. After this date, all AMP-enabled devices that query the AMP cloud for file reputation will be required to support TLS Version 1.2.
The Internet Engineering Task Force (IETF) has officially deprecated TLS Versions 1.0 and 1.1 and has advised all users to use TLS Version 1.2 or later. In order to meet the IETF recommendation, Cisco has been transitioning all products to support the TLS Version 1.2 or later protocols, which includes the Cisco AMP cloud.
Secure Email Gateway (ESA) and Web Security Appliances (WSAs) that run TLS Version 1.1 or earlier will encounter a TLS communication error and requests to the Cisco AMP cloud for file reputation will fail.
WSA
In order to resolve this issue, upgrade the WSA/Virtual WSA to one of these Async OS builds:
ESA
In order to resolve this issue, upgrade the ESA/Virtual ESA to one of these Async OS builds:
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance