10-05-2009 08:15 PM - edited 03-09-2019 10:37 PM
Hi,
Good day to all NetPros. I would like to ask something, and answers are greatly appreciated.
Our company is running Pix515E software version 6.3(3). Our mother company did a network security audit, and found out that the appliance is running on SSL 2.0. They recommend that we upgrade that to SSL 3.0.
Problem is I am really not so sure if that is possible with our good 'ol Pix Firewall. I am not even sure how they determined that it is running with SSL 2.0. Is it possible for me to run the appliance on SSL 3.0? I know it's a pretty old security appliance and the software version is also quite old.
What do I need to do for me to enable that SSL 3.0? Thanks in advance for your replies. More power to all!
Here's something from the Pix itself that I think would pretty much help us out.
"Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 13-Aug-03 13:55 by morlee
Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
This PIX has a Restricted (R) license.
Serial Number: 807403538 (0x30200012)
Configuration last modified by enable_15 at 11:36:31.088 UTC Wed Jul 22
2009"
10-06-2009 05:49 AM
I believe the PIX does not support SSLv3 in the 6.x code. I'm pretty sure it does in 7.x. I checked the ASA in 8.x code and it does for sure. Maybe you can work out an upgrade!
10-06-2009 05:08 PM
Ah, I see. Yes, I've also checked with Pix SW ver 7.0 and I saw using context sensitive help that I have these options with "ssl ?" command
client-version
encryption
server-version
trust-point
I've read documentations regarding this on the command lookup tool. But I'm a bit confused actually, between the difference of client-version and server-version, and the possible effects on the network. What's worse is that it might affect SSL VPN users
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide