Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1261
Views
5
Helpful
0
Replies

Best Proxy Services cipher suite settings?

FM2011
Level 1
Level 1

‎10-10-2018 01:59 AM - edited ‎09-06-2019 12:50 AM

Update 2019-09-06:

Due to the latest vulnerabilities, this seems to be the best right now:

EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:DHE+AESGCM:DH+AESGCM:ECDHE+ECDSA:EECDH:DHE:DH:aRSA+AESGCM:HIGH:MEDIUM:!NULL:!aNULL:!3DES:!SEED:!DSS:!RSA+CAMELLIA

 

Hello!


In the latest Cisco WSA Release Notes for AsyncOS 11.5.1 is a recommendation for cipher suites.
Can anyone explain to me why Cisco would recommend the following:

EECDH:DSS:RSA:!NULL:!eNULL:!EXPORT:!3DES:!RC4:!RC2:!DES:!SEED:!CAMELLIA:!SRP:!IDEA:!ECDHE-ECDSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:!DHE-DSS-AES256-SHA:!AES256-SHA:DHE-RSA-AES128-SHA

 

I would rather recommend the following for best performance, compatibility and security:
ECDHE+ECDSA:EECDH:DHE:HIGH:MEDIUM:!NULL:!eNULL:!aNULL:!3DES:!SEED:!DSS:!RSA+CAMELLIA

3 people had this problem
Labels:
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents