TLS Configuration Requirements

spacemeb
Level 1

Hello,

I am new to Cisco ESA, so can you please help me with the below? I think it must be easy for someone familiar with it.

We have a partner who wants to meet the following requirements:

1) Minimum requirement TLSv1.2
2) Use of an approved X509v3 digital certificate
3) Certificate key size must be 2048
4) Mail host cipher strength must be 256 or higher.

I think the first requirement is met, since Cisco ESA by default supports TLSv1.1 or higher, so they will negotiate and our host will be forced to choose TLSv1.2.

See my questions below:

1. How can I see if my certificate is X509v3? Is there any way to see it on the ESA? I was initially searching at Network -> Certificates but I did not see anything useful. Should I have a look at the CLI?

2. Where can I see my certificate key size?

3. From the SSL configuration in the GUI, I think by default the ESA is using some 256 ciphers. Of course, I know they must be compatible with our partner's in order for communication to be established. Can you please confirm?

Last but not least, is there any way for all the above to be specified solely for one partner? There is "Destination Controls", in which you can force TLS to be required for the communication, but I see no parameters/options for the above.

Waiting for your replies,

Thank you in advance

MEB

 

Accepted Solution

I'll answer the last question first: most of the TLS settings are for the whole box. Destination Controls sets whether certain outbound mail destinations require encryption, require verifying the certificate, or use DANE to figure out which cert to use/trust.

  1. You can check your cert by going to https://www.checktls.com/TestReceiver, put in your email and set the Output Format to CertDetail. It will show you the cert the ESA is giving out, and tell you the version and key size.
  2. See 1.
  3. You can use OpenSSL to see what ciphers you're offering:

         openssl ciphers <cipherstring>

     will show you the list. You may need to tighten that up; a good starting point would be something like this:

         MEDIUM:HIGH:!RC4:!aNULL:!MD5:!DSS:!EXPORT:!IDEA:@STRENGTH

     You might be able to remove MEDIUM too:

         HIGH:!RC4:!aNULL:!MD5:!DSS:!EXPORT:!IDEA:@STRENGTH
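The following is an added example, not code from the thread or from Cisco, that does in Python what the `openssl ciphers` step in the accepted answer does and checks the result against requirement 4 from the question (256-bit cipher strength or higher). It uses only the standard `ssl` module, so the suites it lists are those of the OpenSSL build the interpreter links, not necessarily those of the ESA's own OpenSSL; the two cipher strings are the ones quoted in the answer, and `REQUIRED_BITS` and the TLS 1.2 floor come from the question. It also shows a point the answer does not spell out: OpenSSL's HIGH group still contains 128-bit AES suites, so the second string on its own does not reach a 256-bit floor, and `tighten_to_strength()` derives an explicit string that does.

```python
import ssl

# Cipher strings quoted from the accepted answer above.
ANSWER_CIPHERS_MEDIUM = "MEDIUM:HIGH:!RC4:!aNULL:!MD5:!DSS:!EXPORT:!IDEA:@STRENGTH"
ANSWER_CIPHERS_HIGH = "HIGH:!RC4:!aNULL:!MD5:!DSS:!EXPORT:!IDEA:@STRENGTH"

# Partner requirement 4 from the question: symmetric cipher strength of 256 bits or more.
REQUIRED_BITS = 256


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string into the suites it selects.

    Equivalent to `openssl ciphers -v '<cipherstring>'`, evaluated by the
    OpenSSL that this Python interpreter links (assumption: it may differ
    from the ESA's build, so re-run the openssl command on the appliance).
    TLS 1.3 suites are governed by OpenSSL separately from this string and
    are reported as well, tagged with protocol "TLSv1.3".
    Returns a list of (name, protocol, strength_bits) in preference order.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # requirement 1: nothing below TLS 1.2
    ctx.set_ciphers(cipher_string)                # raises ssl.SSLError if nothing matches
    return [(c["name"], c["protocol"], c["strength_bits"]) for c in ctx.get_ciphers()]


def below_strength(cipher_string, min_bits=REQUIRED_BITS):
    """Return the TLS 1.2 suites a cipher string would still offer below min_bits.

    TLS 1.3 suites are skipped because the cipher string does not control them.
    """
    return [c for c in expand_cipher_string(cipher_string)
            if c[1] != "TLSv1.3" and c[2] < min_bits]


def tighten_to_strength(cipher_string, min_bits=REQUIRED_BITS):
    """Build an explicit cipher string keeping only suites of min_bits or more.

    Keyword groups such as HIGH are defined by OpenSSL and include 128-bit
    suites, so a 256-bit floor has to be expressed by listing the surviving
    suites (or excluding the 128-bit families) rather than by HIGH alone.
    TLS 1.3 suite names are omitted because set_ciphers() does not accept them.
    """
    keep = [name for name, proto, bits in expand_cipher_string(cipher_string)
            if proto != "TLSv1.3" and bits >= min_bits]
    return ":".join(keep) + ":@STRENGTH"


if __name__ == "__main__":
    for label, cs in (("MEDIUM:HIGH string", ANSWER_CIPHERS_MEDIUM),
                      ("HIGH string", ANSWER_CIPHERS_HIGH)):
        weak = below_strength(cs)
        print(f"{label}: {len(weak)} TLS 1.2 suites under {REQUIRED_BITS} bits, "
              f"e.g. {[w[0] for w in weak[:3]]}")
    print("256-bit-only TLS 1.2 string:", tighten_to_strength(ANSWER_CIPHERS_HIGH))
```

The tightened string is only for the TLS 1.2 and earlier suite list; the TLS 1.3 suites OpenSSL offers (which include a 128-bit AES-GCM suite) are configured separately and would need their own restriction if the partner's requirement is read as applying to them too.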


2 Replies

spacemeb
Level 1

Any thoughts?

