Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NetExtender - no support for TLS 1.3?

Hello,

we're using SMA 500v - in the configuration I can set the appliance to only use TLS 1.3 - but when I do this, I cannot connect to it using NetExtender anymore. Setting back to TLS 1.2+ solves this issue.

This means, NetExtender currently does not support TLS 1.3, right? When will this be coming?

Thanks for your feedback on this.

Category: Secure Mobile Access Appliances
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Any feedback from Sonicwall? @Micah?

  • SimonSimon Moderator

    Hi @tabbit

    You are correct that Netextender on Windows does not support TLS 1.3.

    If you look at page 87 in the Admin Guide this is documented.

    https://www.sonicwall.com/techdocs/pdf/sma_100-10-2-administration_guide.pdf

  • tabbittabbit Newbie ✭

    Thanks a lot for this information!

    I could see in the documentation, that NetExtender for Linux does indeed support TLS 1.3, only the Windows client doesn't.

    Do you know whether there are plans to support it in upcoming versions?

  • SimonSimon Moderator

    Hi @tabbit

    In the future, we must have a Windows tunnel client for the SMA 100 product line that supports TLS1.3. I am not certain when that will be implemented. I don't have complete visibility into the Netextender road map and timeline.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Simon @tabbit the future is now (2 years later) and NetExtender still does not support TLS 1.3, feels embarrassing and isn't funny anymore.

    I would like to have my SMAs running in TLS 1.3 mode only, which is OK for MobileConnect but not for NetExtender. Even if I select Wireguard as protocol in NetExtender, some chit chat is done via HTTPS which fails because of TLS 1.3.

    @Simon @Community Manager could you please check this with product management and provide a realistic date when this will be implemented, doesn't sound like rocket science to me.

    --Michael@BWC

Sign In or Register to comment.