SSL3 on CSS11500

ahmed.gadi
Level 1

Hi all,

Today I had a meeting with a security auditor for a customer. He told me that I need to enable SSL3 on the content switch, as his scanning found that all network is working on SSL2.

I could not understand his view, and then when I found the content switch documentation, it mentioned that SSL3 is enabled by default on the content switch.

"By default, the SSL version is SSL version 3 and TLS version 1. The SSL module sends a ClientHello that has an SSL version 3 header with the ClientHello message set to TLS version 1."

So can someone tell me, do I have to do some kind of configuration to enable SSL3, or is it enabled by default? Please clarify.

Regards

Ahmed...

Accepted Solutions

Daniel Arrondo Ostiz
Cisco Employee

Hi Ahmed,

As stated in the documentation, the CSS only supports SSLv3 and TLS, so it would be worth checking how exactly the security scan is reaching the conclusion that SSLv2 is being used.

Regards

Daniel
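One way to check a scan finding like this against a packet capture, as an added example that is not part of the original thread or Cisco's code: the parser below reads the first bytes of a ClientHello and reports the framing, the record-layer version and the version actually offered. The function names and the three sample byte strings are constructed for illustration.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def name(v):
    return VERSIONS.get(v, f"unknown(0x{v:04x})")

def classify_client_hello(data: bytes) -> dict:
    """Return framing, record-layer version and offered version of a ClientHello."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSLv3/TLS record: type 0x16 (handshake), 2-byte version, 2-byte length.
    if data[0] == 0x16 and data[1] == 0x03:
        rec_ver, rec_len = struct.unpack("!HH", data[1:5])
        body = data[5:5 + rec_len]
        # Handshake header: type 0x01 (ClientHello), 3-byte length, client_version.
        if len(body) < 6 or body[0] != 0x01:
            raise ValueError("record does not start with a ClientHello")
        (offered,) = struct.unpack("!H", body[4:6])
        return {"framing": "ssl3/tls-record", "record": name(rec_ver),
                "offered": name(offered)}
    # SSLv2 framing (2-byte header form): length with high bit set, type 0x01, version.
    if data[0] & 0x80 and data[2] == 0x01:
        (offered,) = struct.unpack("!H", data[3:5])
        return {"framing": "sslv2-format", "record": None, "offered": name(offered)}
    raise ValueError("not a recognisable ClientHello")

def is_pure_sslv2(info: dict) -> bool:
    # An SSLv2-framed hello that offers 3.x is a compatibility hello, not SSLv2 use.
    return info["framing"] == "sslv2-format" and info["offered"] == "SSLv2"

# Constructed sample 1: the hello the quoted documentation describes,
# an SSLv3 record header (03 00) carrying a ClientHello set to TLS 1.0 (03 01).
DOC_HELLO = (bytes.fromhex("160300002d 01000029 0301") + bytes(32)
             + bytes.fromhex("00 0002 000a 01 00"))
# Constructed sample 2: SSLv2-format compatibility hello that offers TLS 1.0.
V2_COMPAT = bytes.fromhex("801c 01 0301 0003 0000 0010 00000a") + bytes(16)
# Constructed sample 3: genuine SSLv2 hello (version 00 02).
V2_ONLY = bytes.fromhex("801c 01 0002 0003 0000 0010 010080") + bytes(16)

if __name__ == "__main__":
    for label, raw in [("doc", DOC_HELLO), ("v2-compat", V2_COMPAT), ("v2", V2_ONLY)]:
        info = classify_client_hello(raw)
        print(label, info, "pure SSLv2:", is_pure_sslv2(info))
```

Only the third sample is an SSLv2 negotiation attempt; the first two offer TLS 1.0 even though one of them uses the older framing.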

Many thanks... I had a meeting with the security auditor and apparently found that he was talking about SSL3, which is not related to CSS; he corrected his report.

Thanks for your valuable advice.

Hi Ahmed,

We had a similar conversation too, recently, until we made people aware that SSL v3 = TLS, and are using TLS v1 certs on our CSS's under a private PKI.

The CSS does NOT support SSL v1; it will support SSL v2 but, as this is also deprecated now, TLS v1 is the way to go.

Regards,

Andy.
