cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1776
Views
0
Helpful
1
Replies

Ironport - How to disable cipher

Lance Wendel
Level 1
Level 1

Hi all,

one of our customers came across with the question related to Ironport. due to their security audit, they are now facing disabling weak/insecure cipher alog on their WAS.

e.g

TLS_ECDHE_RSA_WITHRC4_!"*_SHA(0xc011)

so my question to you, would it be possible to disable this ?  or do I need to escalate this to Cisco/ironport team.

thanks in advance

Lancellot

1 Reply 1

Mathew Huynh
Cisco Employee
Cisco Employee

Hello Lancellot,

On your ESA, you should be able to log into the CLI (or GUI if you're on version 9.6+, GUI > System Admin> SSL Configuraiton) 

CLI > sslconfig


Here you can alter the ciphers for usage.
If you can obtain the SSL cipher string which their security team would prefer the ESA to use, you can paste the string here.

Else you can edit SSL configuration as explained in: SSL Cipher Edit on ESA

Regards,

Matthew

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: