We currently use a CSS11506 as our reverse
proxy for all inbound ssl connections. It has the SSL mod installed.
A recent VA discovered that the CSS allows both 56bit and 128bit ssl connections.
Is there a way on the CSS to force only 128bit ssl connections thru ?
Any help would be appreciated.
if you do not configure the ssl cipher for 56 bits encryption the CSS will not accept this level of encryption.
The ciphers are defined as follow :
ssl-server 1 cipher rsa-with-rc4-128-md5 192.168.20.222 81
ssl-server 1 cipher rsa-with-rc4-128-sha 192.168.20.222 81
Here is the list of ciphers we do accept
CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 cipher ?
So, only configure the ones you need.