Best Proxy Services cipher suite settings?

FM2011
Level 1

Update 2019-09-06:

Due to the latest vulnerabilities, this seems to be the best right now:

EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:DHE+AESGCM:DH+AESGCM:ECDHE+ECDSA:EECDH:DHE:DH:aRSA+AESGCM:HIGH:MEDIUM:!NULL:!aNULL:!3DES:!SEED:!DSS:!RSA+CAMELLIA

 

Hello!


In the latest Cisco WSA Release Notes for AsyncOS 11.5.1 there is a recommendation for cipher suites.
Can anyone explain to me why Cisco would recommend the following:

EECDH:DSS:RSA:!NULL:!eNULL:!EXPORT:!3DES:!RC4:!RC2:!DES:!SEED:!CAMELLIA:!SRP:!IDEA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:DHE-RSA-AES128-SHA

 

I would rather recommend the following for best performance, compatibility and security:
ECDHE+ECDSA:EECDH:DHE:HIGH:MEDIUM:!NULL:!eNULL:!aNULL:!3DES:!SEED:!DSS:!RSA+CAMELLIA
