
CSS11500 ssl-server authentication

shday
Level 1

I've read the docs regarding a solution for the SSL/TLS renegotiation vulnerability for the CSS devices and I have a question regarding the recommendation of using ssl-server authentication.

In the doc it states that with ssl-server authentication configured, SSL connections will require the client to exchange a certificate during the SSL handshake process and that the CSS will verify the cert is valid. I'm trying to determine if the client certificate is an X.509 certificate, a standard CA the client would issue, or is it a check that the cert and key match what I have configured in my ssl-proxy-list?

I have way too many clients to go back and work through a deployment for X.509, so if that's the case, is there something else I can do to resolve this vulnerability?

3 Replies

Kanwaljeet Singh
Cisco Employee

Hi,

Client certs are also X.509 type certs and would be issued by a CA. Client authentication is also optional and is used by the server to confirm the identity of the client it is talking to.

Which vulnerability are you referring to and in which version?

As far as I know, client authentication adds an extra parameter of security but is optional.

Regards,

Kanwal

Jorge Bejarano
Level 4

What version are you running?

Jorge

sg0810401 (08.10.4.01)

The vulnerability is Advisory ID: cisco-sa-20091109-tls