Re: Enabling SSL3 on Pix515E ver 6.3

polofalltrades · ‎10-05-2009

Hi,

Good day to all NetPros. I would like to ask something, and answers are greatly appreciated.

Our company is running Pix515E software version 6.3(3). Our mother company did a network security audit, and found out that the appliance is running on SSL 2.0. They recommend that we upgrade that to SSL 3.0.

Problem is I am really not so sure if that is possible with our good 'ol Pix Firewall. I am not even sure how they determined that it is running with SSL 2.0. Is it possible for me to run the appliance on SSL 3.0? I know it's a pretty old security appliance and the software version is also quite old.

What do I need to do for me to enable that SSL 3.0? Thanks in advance for your replies. More power to all!

Here's something from the Pix itself that I think would pretty much help us out.

"Cisco PIX Firewall Version 6.3(3)

Cisco PIX Device Manager Version 3.0(1)

Compiled on Wed 13-Aug-03 13:55 by morlee

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0x300, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

This PIX has a Restricted (R) license.

Serial Number: 807403538 (0x30200012)

Configuration last modified by enable_15 at 11:36:31.088 UTC Wed Jul 22

2009"

Collin Clark · ‎10-06-2009

I believe the PIX does not support SSLv3 in the 6.x code. I'm pretty sure it does in 7.x. I checked the ASA in 8.x code and it does for sure. Maybe you can work out an upgrade!

polofalltrades · ‎10-06-2009

Ah, I see. Yes, I've also checked with Pix SW ver 7.0 and I saw using context sensitive help that I have these options with "ssl ?" command

client-version

encryption

server-version

trust-point

I've read documentations regarding this on the command lookup tool. But I'm a bit confused actually, between the difference of client-version and server-version, and the possible effects on the network. What's worse is that it might affect SSL VPN users