TLS 1.0 being forced when traffic traverses Cisco ASA
We are facing a curious case here.
We have been informed that https://sbsftp.benefitfocus.com/ is not accessible and we thought it is being black listed for whatever reason after we whitelisted the address nothing changed and after running a packet capture and comparing with another device on another network we realized that anything trying to go to that website behind the ASA will negotiate TLSv1 whereas other networks will negotiate TLSv1.2 and even we connected the working device with VPN to the same ASA with issues and we could replicate the issue.
I'm not entirely clear on how ASA treats https connections but from what I see it definitely changes the TLS negotiation.
If someone knows the fix and even better how ASA works in this case, I would be very thankful.
We have ASA version 9.8 with sfr modules 184.108.40.206 and URL filtering and IPS enabled.
It's not the ASA that acts on the traffic. But Firepower definitely could. Look at your decryption policies if you have some rules that act on the TLS version and/or configure a rule that allows this traffic through unmodified.
"What is this 'Orbital Query Corner' thing", you ask? It's the name of an occasional series of articles, each discussing one particular point or use case for the Orbital advanced search feature that is available in Cisco Secure Endpoint starting at ...
0. The Issue
On 20 July 2021, Microsoft issued an alert for CVE-2021-36934 "Windows Elevation of Privilege Vulnerability".  The problem in this case is an overly permissive Access Control List (ACL) applied to system files, including the Se...
Firewalling will be a critical step for organizations to better align security with changing business and networking needs. Cisco has been hard at work building an integrated security platform with our firewall at the foundation to enable businesses to ma...
Discover the value of SecureX A new Forrester Total Economic Impact™ study commissioned by Cisco reveals that a composite organization using Cisco SecureX can see up to 90% reduction in analyst effort per incident by adopting an integrated approach t...
Dear Cisco Community,we recently published the new Secure Endpoint Best Practices Guide on cisco.com. It includes a wide range of useful information how a Cisco Secure Endpoint installation should be planned, deployed and maintained. The guide is useful ...