
Disable SSL Block Chaining on Firepower for Client Remote Access

macloughs
Level 1

Hi, my company uses a Cisco 4115 FTD version 7.2.7 to provide remote access for company employees. Cisco Secure Client and Cisco ISE are used as part of this solution. In a recent penetration test, the auditors advised that we disable cipher suites that operate in CBC mode on these devices. The reason they gave is that these cipher suites have the potential to leak information if used improperly.
We manage these devices through an FMC running 7.4.1.1. I have tried to determine how I can disable these suites, but to no avail. Can anyone advise how to do this, and also whether it is a valid concern on behalf of the auditor?

Thanks

1 Accepted Solution

Marvin Rhoads
Hall of Fame

The procedure is also covered in this community thread:

https://community.cisco.com/t5/vpn/anyconnect-perfect-forward-secrecy/td-p/3324415

FYI you should also upgrade to 7.2.9 or 7.4.2.1 to address other recent security vulnerabilities announced by Cisco.

https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300

macloughs
Level 1

Thanks guys for the help. That was what I was looking for.
