cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1435
Views
0
Helpful
2
Replies

ASA ssl to tls

Hi guys. I have a recommendation to switch from SSLv2 to SSLv3 , but I see there is bug at SSLv3 poodle bug. And Cisco recommend to disable sslv3 and enable tlsv1 .

on my ASA , version 9.2.3.4

"show ssl"

1 Accept connections using SSLv2 or greater and negotiate to TLSv1
2 Start connections using TLSv1 only and negotiate to TLSv1 only
3 Enabled cipher order: rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1

-does line 1 and 2 mean that ASA already works with TLS instead of SSL ? 

-if yes do i need still to switch to sslv3 and then do ASA(config)# ssl client-version tlsv1-only  ?

How can i leave only AES 256-SHA1 encryption? 

thank you 

2 Replies 2

Shivapramod M
Level 1
Level 1

Hi,

Yes, the ASA supports tlsv1 in your current version. You can mention the client-version and server-version as tslv1 so that you do not hit the POODLE vulnerability.

Regarding the cipher settings on the ASA you can refer "ssl cipher" section in the below link

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s16.html#pgfId-1724385

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Thank you Shivapramod . But from your post its not clear : 

do i need still to switch to SSLv3 and then do ASA(config)# ssl client-version tlsv1-only  

ssl server-version tlsv1-only

or not ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card