I am looking for a way to filter out all SSL Downgrade attempts for traffic passing through my FWSMs and/or ASAs.
This traffic (the request to downgrade to a weaker cipher) is sent in the clear so this should be filterable by a FW somehow.
I found this Cisco IPS rule that alerts when such traffic is encountered:
How can I filter out all SSL downgrade attempts for traffic flowing through an FWSM or ASA? This should be possible.
Thank you in advance: