Is it possible to disable SSL v3 and enable TLS on Cisco IOS?
08-05-2016 01:54 AM - edited 03-08-2019 06:53 AM
Hi,
Appreciate it if someone can confirm whether it's possible to disable SSL v3 on Cisco IOS, and enable TLS instead.
This was flagged by a Nessus security scan.
Seems like it's currently not possible:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv24653/?referring_site=bugquickviewredir
Thanks in advance
- Labels: Other Switching
08-06-2016 07:34 AM
Hi;
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are both frequently referred to as "SSL" and work on port 443 by default.
If you want to enable it on a Cisco router, I am not sure and need to do a little bit of research.
On a Cisco ASA firewall, you can achieve this with 9.1(X) OS.
You need to modify the SSL setting parameters (via ASDM):
Configuration → Remote Access VPN → Advanced → SSL Settings:
The min. SSL version for the security appliance to negotiate as (Client / Server) → TLS / TLS v1.1 / TLS v1.2
Diffie-Hellman group to be used with SSL → Group 24 – 2048-bit modulus
ECDH group to be used with SSL → Group 19 – 256-bit EC
& Custom Encryption (in case of TLS v1.2):
AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA
( OR )
AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA
Thanks & Best regards;
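
Added example (not part of either post and not Cisco code): a small Python audit of a colon-separated cipher string in the format quoted in the reply, useful for reviewing a custom list before it is entered in the SSL settings. The lookup table is an assumption that covers only a handful of OpenSSL-style TLS 1.2-and-earlier names, and the sample string is constructed.

```python
"""Audit a colon-separated, OpenSSL-style cipher string (TLS 1.2 and earlier names)."""

# Prefixes whose key exchange is ephemeral (forward secret).
FS_PREFIXES = ("ECDHE-RSA-", "ECDHE-ECDSA-", "DHE-RSA-", "DHE-DSS-")

CBC = "CBC mode with HMAC, not an AEAD suite"
# Bulk-cipher token -> findings. Deliberately small table (assumption: extend as needed).
BULK_FINDINGS = {
    "AES128-GCM": [], "AES256-GCM": [],
    "AES128": [CBC], "AES256": [CBC],
    "DES-CBC3": [CBC, "3DES: 64-bit block, exposed to Sweet32 birthday attacks"],
    "RC4": ["RC4 is prohibited in TLS by RFC 7465"],
}
KNOWN_MACS = {"SHA", "SHA256", "SHA384", "MD5"}


def audit_suite(name):
    """Return a list of findings for one suite name (empty list = nothing flagged)."""
    findings, rest = [], name
    for prefix in FS_PREFIXES:
        if name.startswith(prefix):
            rest = name[len(prefix):]
            break
    else:  # no ephemeral prefix: OpenSSL names such suites by cipher only
        findings.append("static RSA key exchange, no forward secrecy")
    bulk, _, mac = rest.rpartition("-")
    if bulk not in BULK_FINDINGS or mac not in KNOWN_MACS:
        return ["unrecognised suite name, check for a typo"]
    findings += BULK_FINDINGS[bulk]
    if mac == "MD5":
        findings.append("MD5-based MAC")
    return findings


def audit_cipher_string(cipher_string):
    """Map each suite in the string, in preference order, to its findings."""
    return {s: audit_suite(s) for s in cipher_string.split(":") if s}


# Constructed sample: a five-suite list in the format quoted in the reply.
SAMPLE = "AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA"

if __name__ == "__main__":
    for suite, findings in audit_cipher_string(SAMPLE).items():
        print(f"{suite:22} {'; '.join(findings) or 'nothing flagged'}")
```

A name the table does not know is reported as unrecognised rather than guessed at, which also catches typos in a hand-edited list.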
