ZyWALL USG 300 and TLS 1.2

link000
link000 Posts: 39  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited April 2021 in Security

Hello. I'm using ZyWALL USG 300.

Firmware Version: 3.30 (AQE.7) ITS-WK09-r59684 / 1.12 / 2015-03-17 00:17:38.

Is it possible to enable TLS 1.2 protocol support in the device?

Thanks.

«13

Comments

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    Did you disabled weak cyphers?

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=014475&lang=EN

    Or TLS 1.0?

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=016999&lang=EN

    (backup before doing any test...)

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi, mMontana.

    ZyWALL USG 300:

    Router> show ip http server secure status

    active              : yes

    port                : 443

    certificate         : zywall-usg-300

    force redirect      : yes

    authentication client: no

    anti beast attack   : no

    strong cipher suite : no

    cipher suite        : aes 3des des rc4

    sslv3 support       : no


    For example, USG20W-VPN:

    Router> show ip http server secure status

    active              : yes

    port                : 443

    certificate         : myrouter.zyxel-usg

    force redirect      : yes

    authentication client: no

    strong cipher suite : no

    cipher suite        : aes 3des des rc4

    ssl protocol        : tls1.2 tls1.1 tls1.0

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    Zywall usg 300 is quite an old model. It doesn't seem to support TLS 1.2.

    image.png
  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    @jasailafan which device produced that output?

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    @mMontana

    It is Zywall usg 300 in firmware 3.30(AQE.7).

    Strong cipher suite is enabled.

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    @jasailafan, @mMontana thanks. I would also like to hear the answer from Zyxel officials.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @link000,

    You need to upgrade ZyWALL USG 300 to the latest date firmware 3.30(AQE.7)ITS-WK48-r74988 for TLS 1.2 support.

    The firmware is sent to you in private message.

     

    Disable SSLv3 and TLS 1.0 using commands.

    Router> configure terminal

    Router(config)# no ip http secure-server sslv3

    Router(config)# no ip http secure-server tlsv10

    image.png
    image.png
  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    @Zyxel_Emily , thank you very much!

  • link000
    link000 Posts: 39  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    ZyWALL USG 300 and TLS 1.2.png

    Everything works perfectly.

    Thanks to everyone.

  • StouAdmin
    StouAdmin Posts: 19  Freshman Member
    First Comment Friend Collector Fourth Anniversary

    @Zyxel_Emily

    Hi, is it possible to receive that firmware too for the USG300?

    Im also looking to enable tls1.2 but the firmware i'm using is

    ZyXEL Communications Corp.

    model          : ZyWALL USG 300

    firmware version: 3.30(AQE.7)

    BM version     : 1.13

    build date     : 2015-01-13 16:31:42

    active              : yes

    port                : 443

    certificate         : Fiber

    force redirect      : yes

    authentication client: no

    anti beast attack   : no

    strong cipher suite : yes

    cipher suite        : aes 3des des rc4

    sslv3 support       : no

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)