cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
428
Views
0
Helpful
3
Replies

Query on SSL Cipher

Hi,

Can anybody help me to know how to configure Cipher on ACE? why do we need to enable cipher for an application?

Regards,

Thiyagu

Everyone's tags (3)
3 REPLIES 3
Highlighted
Cisco Employee

Query on SSL Cipher

Hi,

You can use parameter  map to include ciphers that you need to negotiate during SSL handshake.

parameter-map type ssl PARAMMAP_SSL_INITIATION

  cipher RSA_WITH_RC4_128_MD5

  cipher RSA_WITH_RC4_128_SHA

  cipher RSA_WITH_DES_CBC_SHA

  cipher RSA_WITH_3DES_EDE_CBC_SHA

  cipher RSA_WITH_AES_128_CBC_SHA

  cipher RSA_WITH_AES_256_CBC_SHA

  cipher RSA_EXPORT_WITH_RC4_40_MD5

  cipher RSA_EXPORT1024_WITH_RC4_56_MD5

  cipher RSA_EXPORT_WITH_DES40_CBC_SHA

  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA

  cipher RSA_EXPORT1024_WITH_RC4_56_SHA

  version all

Regards,

Kanwal

Highlighted

Query on SSL Cipher

Hi,

Please help me know what is the function of Cipher and how to configure cipher for probe, L4 and L7 class-map.

Please share any cisco links to know more about Cisco.

Regards,

Thiyagu

Highlighted
Beginner

Query on SSL Cipher

The cipher is negotiated in the SSL handshake between the client and server to determine the type and level of encryption you want to use for this connection. By default all of the ciphers that the ACE supports can be used. If you want to restrict this to a specific cipher you can create the parameter-map as Kanwal suggested in the earlier post. This gets applied under the ssl-proxy service used for the ssl termination.

.

The sample below is only related to the cipher for the vip and probe config. You can look over the link below on ssl termination to see how all of these pieces tie together in a full config.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml

parameter-map type ssl PARAMMAP_SSL_INITIATION

  cipher RSA_WITH_AES_256_CBC_SHA

ssl-proxy service test

  cert  mycert.pem

  key  mykey.pem

  ssl advanced-options test1234

probe https test1234

  interval 30

  passdetect interval 60

  port 443

  ssl cipher RSA_WITH_AES_256_CBC_SHA

  expect status 200 200

I hope this helps.

Best regards

Jim

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here