cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

307
Views
0
Helpful
1
Replies
Highlighted
Beginner

Utilizing ASA to 'upgrade' outbound TLS connections to TLS 1.2

We have an old legacy application which connects to a third party via SSL. The third party provider is limiting connections to using TLS 1.2 beginning in June. Our legacy application can only support TLS 1.0. Upgrading the application seems to be not possible at the moment according to our development team. We use a Cisco ASA 5515X at our border. I was wondering if there was any way to have an ASA 'proxy' TLS sessions for a particular inside host and connect to an Internet host using TLS 1.2 on behalf of the inside host? So something like the inside host (with the ASA as the default route) connects to the ASA outbound, the ASA intercepts this connection, holds it open while connecting to the requested outside host via TLS 1.2. I noticed that the ASA has a TLS proxy of sorts for use with securing VoIP sessions, but I wondered if it could be leveraged here for what I am trying to do. Is there any other way I can have the ASA intercept older TLS sessions and have them be upgraded to TLS 1.2? Thanks in advance for any ideas.

1 REPLY 1
Highlighted
Hall of Fame Guru

That feature is not available

That feature is not available on the ASA.

You would need something that does full SSL termination like an application delivery controller (Citrix Netscaler, F5 Big-IP LTM etc.).