03-27-2013 08:52 AM
I've read the docs regarding a solution for the SSL/TLS renegotiation vulnerability for the CSS devices and I have a question regarding the recommendation of using ssl-server authentication.
In the doc it states that with ssl-server authentication configured, ssl connections will require the client to exchange a certificate during the ssl handshake process and that the CSS will verify the cert is valid. I'm trying to determine if the client certificate is an x.509 certificate, a standard CA the client would issue or is it change that the cert and key matches what I have configured in my ssl-proxy-list?
I have way too many clients to go back and work through a deployment for x.509, so if that's the case, is there something else I can do to resolve this vulnerability?
03-28-2013 02:22 AM
Hi,
Client certs are also x.509 type certs and would be issued by a CA. Client authentication is also optional and is used by the server to confirm the identity of the client to which it is talking.
Which vulnerability are you referring to and in which version?
As far as I know, client authentication adds an extra parameter of security but is optional.
Regards,
Kanwal
03-28-2013 02:09 PM
What version are you running?
Jorge
04-03-2013 10:48 AM
sg0810401 (08.10.4.01)
The vulnerability is