07-25-2012 07:33 AM
Hi,
Can anybody help me to know how to configure Cipher on ACE? Why do we need to enable cipher for an application?
Regards,
Thiyagu
07-25-2012 08:43 AM
Hi,
You can use a parameter map to include the ciphers that you need to negotiate during the SSL handshake.
parameter-map type ssl PARAMMAP_SSL_INITIATION
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_RC4_128_SHA
  cipher RSA_WITH_DES_CBC_SHA
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA
  cipher RSA_WITH_AES_256_CBC_SHA
  cipher RSA_EXPORT_WITH_RC4_40_MD5
  cipher RSA_EXPORT1024_WITH_RC4_56_MD5
  cipher RSA_EXPORT_WITH_DES40_CBC_SHA
  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
  cipher RSA_EXPORT1024_WITH_RC4_56_SHA
  version all
Regards,
Kanwal
07-26-2012 07:36 AM
Hi,
Please help me know what is the function of Cipher and how to configure cipher for probe, L4 and L7 class-map.
Please share any Cisco links to know more about Cisco.
Regards,
Thiyagu
07-26-2012 08:13 AM
The cipher is negotiated in the SSL handshake between the client and server to determine the type and level of encryption you want to use for this connection. By default all of the ciphers that the ACE supports can be used. If you want to restrict this to a specific cipher you can create the parameter-map as Kanwal suggested in the earlier post. This gets applied under the ssl-proxy service used for the ssl termination.
The sample below is only related to the cipher for the vip and probe config. You can look over the link below on ssl termination to see how all of these pieces tie together in a full config.
parameter-map type ssl PARAMMAP_SSL_INITIATION
  cipher RSA_WITH_AES_256_CBC_SHA
ssl-proxy service test
  cert mycert.pem
  key mykey.pem
  ssl advanced-options PARAMMAP_SSL_INITIATION
probe https test1234
  interval 30
  passdetect interval 60
  port 443
  ssl cipher RSA_WITH_AES_256_CBC_SHA
  expect status 200 200
I hope this helps.
Best regards
Jim
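An added example, not part of the original posts and not Cisco code: a small Python audit that reads ACE configuration text and reports every `cipher` / `ssl cipher` line naming an export-grade, DES, 3DES, RC4 or MD5 suite, so a restricted parameter-map can be checked before it is applied. The sample config is constructed from cipher names that appear in the posts above; the weak-token table and the function name `audit_ace_ciphers` are this example's assumptions.

```python
import re

# Constructed sample in ACE syntax, using cipher names from the posts above.
SAMPLE_CONFIG = """\
parameter-map type ssl PARAMMAP_SSL_INITIATION
  cipher RSA_WITH_RC4_128_MD5
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_256_CBC_SHA
  cipher RSA_EXPORT1024_WITH_DES_CBC_SHA
  version all
probe https test1234
  port 443
  ssl cipher RSA_WITH_AES_256_CBC_SHA
"""

# Suite-name token -> why it is flagged (this example's classification, an assumption).
WEAK_TOKENS = {
    "EXPORT": "export-grade key length",
    "EXPORT1024": "export-grade key length",
    "DES": "56-bit single DES",
    "DES40": "40-bit DES",
    "3DES": "64-bit block cipher (legacy)",
    "RC4": "RC4 keystream biases",
    "MD5": "MD5-based MAC",
}

SECTION = re.compile(r"^(parameter-map|probe|ssl-proxy)\s")
CIPHER = re.compile(r"^(?:ssl\s+)?cipher\s+(\S+)$")

def audit_ace_ciphers(config_text):
    """Return [(section, cipher, [reasons])] for each weak cipher line."""
    findings, section = [], None
    for raw in config_text.splitlines():
        line = raw.strip()              # works on indented or flattened config
        if SECTION.match(line):
            section = line              # remember which block the cipher sits in
            continue
        m = CIPHER.match(line)
        if not m:
            continue                    # version, port, cert, key, ... are skipped
        reasons = [WEAK_TOKENS[t] for t in m.group(1).split("_") if t in WEAK_TOKENS]
        if reasons:
            findings.append((section, m.group(1), reasons))
    return findings

if __name__ == "__main__":
    for section, cipher, reasons in audit_ace_ciphers(SAMPLE_CONFIG):
        print(f"{section}: {cipher} -> {', '.join(reasons)}")
```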