Disable SSLv3 in AnyConnect on Cisco 2821

Rob Millerd
Level 1

We are running anyconnect-win-3.1.06073-k9.pkg on a 2821 IOS router.  Is there a way to disable SSLv3?

The release notes indicate CSCur27617 - AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux was resolved in AnyConnect 3.1.05187.

Thank you

2 Replies

rvarelac
Level 7

Hi Rob,

According to the bug:

All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable, so AnyConnect 3.1.06.073 is safe from the POODLE vulnerability.

On the AnyConnect you can disable the SSL using IKEv2 instead of the SSL protocols; however, as the bug mentions, the client creates a parallel SSL tunnel to get updates and profile from the router.

If you're asking to disable SSLv3 on the router, unfortunately there is no code yet; the workaround is to disable the webvpn or upgrade the VPN client.

As well, here is the official advisory for the POODLE vulnerability on Cisco Products.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

Hope it helps

- Randy - 

I was hoping there was a way to disable it on the router. We are being scanned by our PCI ASV and failing because of the availability of SSLv3 on a public facing IP.