https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221670#M1117421 <P>Check this&nbsp;</P> <P><A href="https://integratingit.wordpress.com/2021/01/28/secure-ftd-tls-ciphers/" target="_blank">https://integratingit.wordpress.com/2021/01/28/secure-ftd-tls-ciphers/</A></P> <P>MHM</P> Thu, 07 Nov 2024 19:01:19 GMT MHM Cisco World 2024-11-07T19:01:19Z https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221613#M1117415 <P>Hi, my company uses a Cisco 4115 FTD version 7.2.7 to provide remote access for company employees. Cisco Secure Client and Cisco ISE are used as part of this solution. In a recent penetration test, the auditors advised that we disable cipher suites that operate in CBC mode on these devices. The reason they gave is that these cipher suites have the potential to leak information if used improperly.<BR />We manage these devices through an FMC running 7.4.1.1. I have tried to determine how I can disable these suites but to no avail. Can anyone advise how to do this and also, whether it is a valid concern on behalf of the auditor?<BR /><BR />Thanks</P> Thu, 07 Nov 2024 16:27:07 GMT https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221613#M1117415 macloughs 2024-11-07T16:27:07Z https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221670#M1117421 <P>Check this&nbsp;</P> <P><A href="https://integratingit.wordpress.com/2021/01/28/secure-ftd-tls-ciphers/" target="_blank">https://integratingit.wordpress.com/2021/01/28/secure-ftd-tls-ciphers/</A></P> <P>MHM</P> Thu, 07 Nov 2024 19:01:19 GMT https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221670#M1117421 MHM Cisco World 2024-11-07T19:01:19Z https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221808#M1117428 <P>The procedure is also covered in this community thread:</P> <P><A href="https://community.cisco.com/t5/vpn/anyconnect-perfect-forward-secrecy/td-p/3324415" target="_blank">https://community.cisco.com/t5/vpn/anyconnect-perfect-forward-secrecy/td-p/3324415</A></P> <P>FYI you should also upgrade to 7.2.9 or 7.4.2.1 to address other recent security vulnerabilities announced by Cisco.</P> <P><A href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300" target="_blank">https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300</A></P> Fri, 08 Nov 2024 04:28:03 GMT https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5221808#M1117428 Marvin Rhoads 2024-11-08T04:28:03Z https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5222602#M1117463 <P>Thanks guys for the help. That was what I was looking for.</P> Mon, 11 Nov 2024 09:59:11 GMT https://community.cisco.com/t5/network-security/disable-ssl-block-chaining-on-firepower-for-client-remote-access/m-p/5222602#M1117463 macloughs 2024-11-11T09:59:11Z