Hi guys. I have a recommendation to switch from SSLv2 to SSLv3 , but I see there is bug at SSLv3 poodle bug. And Cisco recommend to disable sslv3 and enable tlsv1 .
on my ASA , version 220.127.116.11
1 Accept connections using SSLv2 or greater and negotiate to TLSv1
2 Start connections using TLSv1 only and negotiate to TLSv1 only
3 Enabled cipher order: rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
-does line 1 and 2 mean that ASA already works with TLS instead of SSL ?
-if yes do i need still to switch to sslv3 and then do ASA(config)# ssl client-version tlsv1-only ?
How can i leave only AES 256-SHA1 encryption?