Utilizing ASA to 'upgrade' outbound TLS connections to TLS 1.2

We have an old legacy application which connects to a third party via SSL. The third party provider is limiting connections to using TLS 1.2 beginning in June. Our legacy application can only support TLS 1.0. Upgrading the application seems to be not possible at the moment according to our development team. We use a Cisco ASA 5515X at our border. I was wondering if there was any way to have an ASA 'proxy' TLS sessions for a particular inside host and connect to an Internet host using TLS 1.2 on behalf of the inside host? So something like the inside host (with the ASA as the default route) connects to the ASA outbound, the ASA intercepts this connection, holds it open while connecting to the requested outside host via TLS 1.2. I noticed that the ASA has a TLS proxy of sorts for use with securing VoIP sessions, but I wondered if it could be leveraged here for what I am trying to do. Is there any other way I can have the ASA intercept older TLS sessions and have them be upgraded to TLS 1.2? Thanks in advance for any ideas.

Hall of Fame Guru

That feature is not available on the ASA.

You would need something that does full SSL termination like an application delivery controller (Citrix Netscaler, F5 Big-IP LTM etc.). 
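
What "full SSL termination" amounts to for the scenario in this thread, as an added Python example that is not part of any post and is not ASA or ADC configuration: two independent TLS sessions, TLS 1.0 toward the inside host and TLS 1.2 or later toward the provider, with the decrypted bytes relayed between them. The upstream host name, the certificate and key paths, and an OpenSSL build that still permits TLS 1.0 are assumptions; the legacy application must also trust the certificate the inside leg presents.

```python
import select
import socket
import ssl
import threading

UPSTREAM = ("partner.example.com", 443)  # placeholder for the third party's endpoint

def upstream_context():
    ctx = ssl.create_default_context()  # outside leg: verifies chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older
    return ctx

def legacy_context(certfile, keyfile):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # inside leg: terminates the client
    ctx.minimum_version = ssl.TLSVersion.TLSv1  # what the legacy application speaks
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # OpenSSL 3 assumption: TLS 1.0 needs level 0
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

def bridge(a, b):
    peers = {a: b, b: a}  # relay decrypted bytes both ways until either side closes
    a.setblocking(False)
    b.setblocking(False)
    while True:
        for src in select.select([a, b], [], [])[0]:
            try:
                data = src.recv(16384)
            except (ssl.SSLWantReadError, BlockingIOError):
                continue  # handshake-level or partial record, no payload yet
            if not data:
                return  # one side closed: end the whole session
            peers[src].setblocking(True)  # block on write so nothing is dropped
            peers[src].sendall(data)
            peers[src].setblocking(False)

def handle(raw, inside, outside):
    try:
        with inside.wrap_socket(raw, server_side=True) as client:
            plain = socket.create_connection(UPSTREAM)
            with outside.wrap_socket(plain, server_hostname=UPSTREAM[0]) as upstream:
                bridge(client, upstream)
    except OSError:
        raw.close()  # failed handshake or reset on either leg

def serve(bind_addr, certfile, keyfile):
    inside, outside = legacy_context(certfile, keyfile), upstream_context()
    with socket.create_server(bind_addr) as listener:
        while True:
            raw, _ = listener.accept()
            threading.Thread(target=handle, args=(raw, inside, outside), daemon=True).start()
```

The inside leg stays at TLS 1.0, so the relay belongs on the same host or network segment as the legacy application, and the relay itself sees the traffic in cleartext.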
