Best Proxy Services cipher suite settings?

Hello!


In the latest Cisco WSA Release Notes for AsyncOS 11.5.1 there is a recommendation for cipher suites.
Can anyone explain to me why Cisco would recommend the following:

EECDH:DSS:RSA:!NULL:!eNULL:!EXPORT:!3DES:!RC4:!RC2:!DES:!SEED:!CAMELLIA:!SRP:!IDEA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:DHE-RSA-AES128-SHA

 

I would rather recommend the following for best performance, compatibility and security:
ECDHE+ECDSA:EECDH:DHE:HIGH:MEDIUM:!NULL:!eNULL:!aNULL:!3DES:!SEED:!DSS:!RSA+CAMELLIA
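
Added example, not part of the original post and not Cisco's code: one way to compare the two cipher strings above is to let OpenSSL expand each into its ordered suite list and diff the results. The helper names (`expand`, `names`, `static_rsa`, `compare`) are hypothetical, and the output reflects the OpenSSL build linked into the local Python, which is assumed to differ from the one inside the WSA.

```python
import ssl

# Cipher strings copied verbatim from the post above.
CISCO = ("EECDH:DSS:RSA:!NULL:!eNULL:!EXPORT:!3DES:!RC4:!RC2:!DES:!SEED:"
         "!CAMELLIA:!SRP:!IDEA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:"
         "!DHE-DSS-AES256-SHA:!AES256-SHA:DHE-RSA-AES128-SHA")
USER = ("ECDHE+ECDSA:EECDH:DHE:HIGH:MEDIUM:!NULL:!eNULL:!aNULL:!3DES:!SEED:"
        "!DSS:!RSA+CAMELLIA")


def expand(cipher_string):
    """Ordered TLS 1.2-and-earlier suites that local OpenSSL builds from the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from the cipher string, so drop them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def names(cipher_string):
    """Suite names only, in server preference order."""
    return [c["name"] for c in expand(cipher_string)]


def static_rsa(cipher_string):
    """Suites using RSA key transport, i.e. without forward secrecy."""
    return [c["name"] for c in expand(cipher_string) if c.get("kea") == "kx-rsa"]


def compare(a, b):
    """Suites enabled by only one of the two strings, plus the common set."""
    na, nb = names(a), names(b)
    return {
        "only_a": [n for n in na if n not in nb],
        "only_b": [n for n in nb if n not in na],
        "both": [n for n in na if n in nb],
    }


if __name__ == "__main__":
    diff = compare(CISCO, USER)
    print("Only in release-notes string:", *diff["only_a"], sep="\n  ")
    print("Only in proposed string:", *diff["only_b"], sep="\n  ")
    print("Static-RSA suites, release-notes string:", static_rsa(CISCO))
    print("Static-RSA suites, proposed string:", static_rsa(USER))
```
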