cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
0
Helpful
0
Replies

ACE30 / 4710 Upgrade - SSL properties

Hi,

I'm hoping someone is able to shed some light on the ssl configuration within the ACE Software versions. We're running a No. of ACE30 and 4710 devices, all currently running A4 (2.1) image. We're looking to upgrade in order to be able to take advantage of the later TLS standards. Having tested the upgrade within a test environment, the only slight problem we've noticed is the lack of additional SSL ciphers available within the https probe configuration. Whilst the cipher version specified is 'TLS Version 1.0', does this include 1.0 only or does that allow connectivity to hosts that are also configured with TLS 1.2 based certificates? Being able to probe TLS 1.2 versions is one of main drivers for the upgrades, so we're keen to understand if others have faced the same issue.

I've put the version and cipher information below from both A4 (2.1) and A5 (3.3)

###### Options running A4 (2.1) ###########

ACE30/Context(config-probe-https)# ssl version ?
all All SSL versions
SSLv3 SSL Version 3.0

ACE30/Context(config-probe-https)# ssl cipher ?
RSA_ANY Any RSA Cipher
RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA Cipher
RSA_EXPORT1024_WITH_RC4_56_MD5 EXP1024-RC4-MD5 Cipher
RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA Cipher
RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA Cipher
RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 Cipher
RSA_WITH_3DES_EDE_CBC_SHA 3DES-EDE-CBC-SHA Cipher
RSA_WITH_AES_128_CBC_SHA AES-128-CBC-SHA Cipher
RSA_WITH_AES_256_CBC_SHA AES-256-CBC-SHA Cipher
RSA_WITH_DES_CBC_SHA DES-CBC-SHA Cipher
RSA_WITH_RC4_128_MD5 RC4-MD5 Cipher

###### Options following upgrade - A5 (3.3) ###########

ACE30/Context(config-probe-https)# ssl ?
certificate-expiration Ssl certificate expire check ignore
cipher Configure ssl cipher to be used for the https
version Specify ssl version to use for the https probe

ACE30/Context(config-probe-https)# ssl version ?
all All SSL versions
TLSv1 TLS Version 1.0

ACE30/Context(config-probe-https)# ssl cipher ?
RSA_ANY Any RSA Cipher
RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA Cipher
RSA_EXPORT1024_WITH_RC4_56_MD5 EXP1024-RC4-MD5 Cipher
RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA Cipher
RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA Cipher
RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 Cipher
RSA_WITH_3DES_EDE_CBC_SHA 3DES-EDE-CBC-SHA Cipher
RSA_WITH_AES_128_CBC_SHA AES-128-CBC-SHA Cipher
RSA_WITH_AES_256_CBC_SHA AES-256-CBC-SHA Cipher
RSA_WITH_DES_CBC_SHA DES-CBC-SHA Cipher
RSA_WITH_RC4_128_MD5 RC4-MD5 Cipher
RSA_WITH_RC4_128_SHA RC4-SHA Cipher **NEW**

TIA

Everyone's tags (2)
CreatePlease to create content