
Is it possible to disable SSL v3 and enable TLS on Cisco IOS?

BS Wu
Level 1

Hi,

Appreciate it if someone can confirm whether it's possible to disable SSL v3 on Cisco IOS, and enable TLS instead.

This was flagged by a Nessus security scan.


Seems like it's currently not possible:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv24653/?referring_site=bugquickviewredir

Thanks in advance

1 Reply

ahmedshoaib
Level 4

Hi;

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are both frequently referred to as "SSL" and work on port 443 by default.

If you want to enable it on a Cisco router, I am not sure and need to do a little bit of research.

On a Cisco ASA firewall, you can achieve this with 9.1(X) OS.

You need to modify the SSL setting parameters (via ASDM)

Configuration → Remote Access VPN → Advanced → SSL Settings:

The min. SSL Version for the security appliance to negotiate as (Client / Server) → TLS / TLS v1.1 / TLS v1.2

Diffie-Hellman group to be used with SSL → Group 24 – 2048-bit modulus

ECDH group to be used with SSL → Group 19 – 256-bit EC

& Custom Encryption (in case of TLS v1.2)

AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA

( OR )

AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA

Thanks & Best regards;
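
An added example, not part of the reply above and not Cisco tooling: a small Python audit of an OpenSSL-style custom cipher string of the kind entered under SSL Settings, showing which suites a scanner such as Nessus would still flag. The rule set and the second sample list are assumptions made for illustration.

```python
# Added example, not from the thread: audit an OpenSSL-style cipher string.
# The rules are a small, commonly cited subset, not a complete policy.

FORWARD_SECRET_KX = {"DHE", "ECDHE", "EDH", "EECDH"}
AEAD_TOKENS = {"GCM", "CCM", "CCM8", "CHACHA20"}
BROKEN = {
    "RC4": "RC4 (prohibited in TLS by RFC 7465)",
    "CBC3": "3DES, 64-bit block (Sweet32)",
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "MD5": "MD5-based MAC",
}


def audit_suite(suite):
    """Return (broken, notes) for one suite name, e.g. 'DES-CBC3-SHA'."""
    tokens = suite.upper().split("-")
    broken = [why for tok, why in BROKEN.items() if tok in tokens]
    notes = []
    # OpenSSL names without a DHE/ECDHE prefix use static RSA key exchange.
    if tokens[0] not in FORWARD_SECRET_KX:
        notes.append("no forward secrecy")
    if not AEAD_TOKENS.intersection(tokens):
        notes.append("no AEAD mode")
    return broken, notes


def audit_cipher_string(cipher_string):
    """Map each suite in a colon-separated list to its (broken, notes)."""
    suites = [s.strip() for s in cipher_string.split(":") if s.strip()]
    return {s: audit_suite(s) for s in suites}


def broken_suites(cipher_string):
    """Suites that should be removed outright from the list."""
    report = audit_cipher_string(cipher_string)
    return [s for s, (broken, _) in report.items() if broken]


# First list is copied from the answer above; the second is constructed.
FROM_ANSWER = "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"
CONSTRUCTED = "ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA"

if __name__ == "__main__":
    for label, value in (("answer", FROM_ANSWER), ("constructed", CONSTRUCTED)):
        for suite, (broken, notes) in audit_cipher_string(value).items():
            status = "BROKEN" if broken else "ok"
            print(f"{label:12} {suite:28} {status:7} {'; '.join(broken + notes)}")
```
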
