Technical Note: 3.x Agents do not communicate after 8.x upgrade
Description
Upgrading from a pre-8 version to 8.x could break communication with agents running version 3.0 through 3.2. Hosts that have security disabled are not affected.
In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS to address the POODLE vulnerability (CVE-2014-3566). As of 8.0.0, SSLv3 has been disabled completely.
Secure Agent Communication Compatibility Summary
NAC 7.x: Compatible with all 3.x agents
NAC 8.x: Compatible with 3.3.x (and above) agents
Scope
Version: 8.x and Agent 3.0, 3.1, and 3.2 (with security enabled)
Solution
Workaround: Re-enable SSLv3 until agents are upgraded.
Upgrading from a pre-8 version to 8.x could break communication with agents running version 3.0 through 3.2. Hosts that have security disabled are not affected.
In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS to address the POODLE vulnerability (CVE-2014-3566). As of 8.0.0, SSLv3 has been disabled completely.
Secure Agent Communication Compatibility Summary
NAC 7.x: Compatible with all 3.x agents
NAC 8.x: Compatible with 3.3.x (and above) agents
Scope
Version: 8.x and Agent 3.0, 3.1, and 3.2 (with security enabled)
Solution
Workaround: Re-enable SSLv3 until agents are upgraded.
1. Navigate to Settings > Persistent Agent > Transport Configuration
2. Under TLS Service Configuration panel, SSLv3 can be added in the TLS Protocols field.
2. Under TLS Service Configuration panel, SSLv3 can be added in the TLS Protocols field.