ssl cipher

M Mohammed
Level 1

On performing a pen test, we were advised to remove DES-CBC3-SHA.

Looking at our ASA config, I can see:

 

ssl cipher default custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"

 

If I remove the cipher DES-CBC3-SHA, will the AnyConnect clients get disconnected?

Note: none of the AnyConnect clients are using DES-CBC3-SHA.

Please advise.

Many thanks

MM

1 Accepted Solution


GioGonza
Level 4

Hello @M Mohammed,

 

If nobody is using it, you can remove it safely. Either way, the ASA will try AES128-SHA first and AES256-SHA after, so you shouldn't have any problem.

It won't affect anything else. If you want to check first, issue the command "show vpn-sessiondb detail anyconnect".

 

HTH

Gio
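
A pre-change check for the steps in this thread, as an added example that is not part of the original posts or any Cisco tooling: it counts tunnels reporting 3DES in saved "show vpn-sessiondb detail anyconnect" output and rewrites the `ssl cipher ... custom` lines without the weak cipher. The session excerpt is constructed and its layout (an `Encryption` field showing `3DES`) is an assumption, as are the function names and the weak-cipher names beyond DES-CBC3-SHA, which generalize the check.

```python
import re

# DES-CBC3-SHA is the cipher named in the thread; the other names are an
# assumption added here to generalize the check to other legacy suites.
WEAK = {"DES-CBC3-SHA", "DES-CBC-SHA", "RC4-SHA", "RC4-MD5", "NULL-SHA"}
CIPHER_LINE = re.compile(r'^\s*ssl cipher (\S+) custom "([^"]*)"\s*$')

def harden(config_text, weak=WEAK):
    """Return (replacement lines, {version: dropped ciphers}) for ssl cipher lines."""
    new_lines, removed = [], {}
    for line in config_text.splitlines():
        m = CIPHER_LINE.match(line)
        if not m:
            continue
        version = m.group(1)
        ciphers = [c for c in m.group(2).split(":") if c]
        kept = [c for c in ciphers if c.upper() not in weak]
        dropped = [c for c in ciphers if c.upper() in weak]
        if not kept:  # refuse to emit a line that would leave no cipher at all
            raise ValueError(f"{version}: no cipher left after removal")
        if dropped:
            removed[version] = dropped
            new_lines.append('ssl cipher %s custom "%s"' % (version, ":".join(kept)))
    return new_lines, removed

def tunnels_using(session_text, token="3DES"):
    """Count mentions of token in the Encryption fields of saved session output."""
    pattern = re.compile(r"\b%s\b" % re.escape(token))
    return sum(len(pattern.findall(line)) for line in session_text.splitlines()
               if line.strip().startswith("Encryption"))

# The three config lines quoted in the question.
CONFIG = '''ssl cipher default custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "AES128-SHA:AES256-SHA:DES-CBC3-SHA"
'''
# Constructed excerpt; field layout is assumed and varies by ASA version.
SESSIONS = '''Username     : user1
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES128  DTLS-Tunnel: (1)AES128
Username     : user2
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES256
'''

if __name__ == "__main__":
    print("tunnels still on 3DES:", tunnels_using(SESSIONS))
    lines, removed = harden(CONFIG)
    print("\n".join(lines))
```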

Many thanks G, going to implement it tomorrow and will reply with the outcome.

 

MM