Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2676
Views
5
Helpful
2
Replies

TLS renegotiation option in SSL configuration

tminchin
Level 1
Level 1

‎10-27-2021 10:30 PM

We recently upgraded our Cisco ESA and I notice there is a new check box option in SSL Configuration called "TLS Renegotiation". It seems to be checked by default - but doesn't seem to be mentioned in documentation.

 

I'm wondering if we should turn it off as TLS renegotiation is generally regarded by our security team as an issue (Transport Layer Security Renegotiation Vulnerability - Cisco)

1 person had this problem
Labels:
2 Replies 2

Libin Varghese
Cisco Employee
Cisco Employee

‎12-08-2021 09:20 PM

This appears to have been added as part of the below enhancement.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm10442

 

The options were kept enabled by default which was the safest option to ensure minimal impact, since disabling it might cause email issues for customers right after the upgrade.

Customers do have the option to go in and enable/disable it as per requirement.

 

Old behavior: Secure Client-Initiated TLS Renegotiation enabled and allowed by default for Admin UI and Inbound SMTP. No way to disable it.

New behavior: Secure Client-Initiated TLS Renegotiation enabled by default for Admin UI and Inbound SMTP. However, administrator can choose to disable it if they wish to. When disabled, TLS Renegotiation requests from TLS clients will not be honoured for Admin UI and Inbound SMTP.

 

Regards,

Libin

0 Helpful

Dan1999
Level 1
Level 1
In response to Libin Varghese

‎10-21-2022 08:33 AM

Hi, Are there any pre checks that can be done to check mail flow will work after disabling Secure Client-Initiated TLS Renegotiation on the ESA appliances? 

0 Helpful
Customers Also Viewed These Support Documents