ACE & SSLV3

axfalk · ‎05-20-2009

Does anybody happen to know if ACE supports SSLV3?

Thanks..

ciscocsoc · ‎05-21-2009

Yes - from the ACE SSL Configuration Guide:

"The ACE supports SSL Version 3.0 and Transport Layer Security (TLS) Version 1.0. The ACE understands and accepts an SSL Version 2.0 ClientHello message, known as a hybrid 2/3 hello message, allowing dual-version clients to communicate with the ACE. When the client indicates SSL Version 3.0 in the Version 2.0 ClientHello, the ACE understands that the client can support SSL Version 3.0 and returns a Version 3.0 ServerHello message.

Note: The ACE cannot pass network traffic if the client supports only SSL Version"

HTH

Cathy

axfalk · ‎07-16-2009

Cathy, thnx.

Do you happen to know a command for showing the existing version of SSL that's running on the ACE? - I can't seem to find it anywhere.

Thanks again..

khaderbasha · ‎07-16-2009

Try this -

show stats crypto client:

SSLv2 client hello received: 0

SSLv3 client hello received: 0

TLSv1 client hello received: 0

SSLv3 negotiated protocol: 0

TLSv1 negotiated protocol: 0

SSLv3 full handshakes: 0

SSLv3 resumed handshakes: 0

Cipher sslv3_rsa_rc4_128_md5: 0

Cipher sslv3_rsa_rc4_128_sha: 0

Cipher sslv3_rsa_des_cbc_sha: 0

Cipher sslv3_rsa_3des_ede_cbc_sha: 0

Cipher sslv3_rsa_exp_rc4_40_md5: 0

Cipher sslv3_rsa_exp_des40_cbc_sha: 0

Cipher sslv3_rsa_exp1024_rc4_56_md5: 0

Cipher sslv3_rsa_exp1024_des_cbc_sha: 0

Cipher sslv3_rsa_exp1024_rc4_56_sha: 0

Cipher sslv3_rsa_aes_128_cbc_sha: 0

Cipher sslv3_rsa_aes_256_cbc_sha: