topic ACE 4710 Forward Secrecy in Application Networking

ACE 4710 Forward Secrecy

greg.murray — Fri, 08 May 2015 10:36:16 GMT

Does the ACE 4710 support FS (Forward Secrecy)?

In respect of FS (Forward Secrecy) I found a nice link that discusses the cipher suites required to support this.

https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy?_ga=1.37950244.609993483.1431008577

In the nutshell, these are some of the suites we might want to enable and push (close) to the top:

TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

However what I cannot see is how this maps to the supported suites on the ACE.

ACE-4710(config-parammap-ssl)# cipher ?

RSA_EXPORT1024_WITH_DES_CBC_SHA Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher

RSA_EXPORT1024_WITH_RC4_56_MD5 Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher

RSA_EXPORT1024_WITH_RC4_56_SHA Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher

RSA_EXPORT_WITH_DES40_CBC_SHA Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher

RSA_EXPORT_WITH_RC4_40_MD5 Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher

RSA_WITH_3DES_EDE_CBC_SHA Accept RSA_WITH_3DES_EDE_CBC_SHA cipher

RSA_WITH_AES_128_CBC_SHA Accept RSA_WITH_AES_128_CBC_SHA cipher

RSA_WITH_AES_128_CBC_SHA256 Accept RSA_WITH_AES_128_CBC_SHA256 cipher

RSA_WITH_AES_256_CBC_SHA Accept RSA_WITH_AES_256_CBC_SHA cipher

RSA_WITH_DES_CBC_SHA Accept RSA_WITH_DES_CBC_SHA cipher

RSA_WITH_RC4_128_MD5 Accept RSA_WITH_RC4_128_MD5 cipher

RSA_WITH_RC4_128_SHA Accept RSA_WITH_RC4_128_SHA cipher

Is it supported?

Hi Greg,ACE doesn't support

Kanwaljeet Singh — Sat, 09 May 2015 22:25:10 GMT

Hi Greg,

ACE doesn't support forward secrecy and there are no plans too. With A532 which was supposed to be the last ACE version to be released, i don't see this being implemented.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

HiThank you for the post. Do

greg.murray — Wed, 20 May 2015 09:21:36 GMT

Thank you for the post. Do you have a link or a document that refers to this? As I can't find anything?

Regards

ACE 4710 & ACE30 don't

TIM JUDGE — Sat, 08 Aug 2015 06:43:54 GMT

ACE 4710 & ACE30 don't support forward secrecy. However, there is one more release coming in late August - A5(3.3) which should plug some more SSL bugs.

Re: ACE 4710 & ACE30 don't

e.deparetere — Wed, 06 Sep 2017 12:44:12 GMT

Does the ACE 4710 A5(3.5) support FS (Forward Secrecy)?
Thank's a lot.