
ACE 4710 Forward Secrecy

greg.murray
Level 1

Does the ACE 4710 support FS (Forward Secrecy)?

 

In respect of FS (Forward Secrecy) I found a nice link that discusses the cipher suites required to support this.

 

https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy?_ga=1.37950244.609993483.1431008577

 

In a nutshell, these are some of the suites we might want to enable and push (close) to the top:

    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

 

However what I cannot see is how this maps to the supported suites on the ACE.

 

ACE-4710(config-parammap-ssl)# cipher ?
  RSA_EXPORT1024_WITH_DES_CBC_SHA  Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher
  RSA_EXPORT1024_WITH_RC4_56_MD5   Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher
  RSA_EXPORT1024_WITH_RC4_56_SHA   Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher
  RSA_EXPORT_WITH_DES40_CBC_SHA    Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher
  RSA_EXPORT_WITH_RC4_40_MD5       Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher
  RSA_WITH_3DES_EDE_CBC_SHA        Accept RSA_WITH_3DES_EDE_CBC_SHA cipher
  RSA_WITH_AES_128_CBC_SHA         Accept RSA_WITH_AES_128_CBC_SHA cipher
  RSA_WITH_AES_128_CBC_SHA256      Accept RSA_WITH_AES_128_CBC_SHA256 cipher
  RSA_WITH_AES_256_CBC_SHA         Accept RSA_WITH_AES_256_CBC_SHA cipher
  RSA_WITH_DES_CBC_SHA             Accept RSA_WITH_DES_CBC_SHA cipher
  RSA_WITH_RC4_128_MD5             Accept RSA_WITH_RC4_128_MD5 cipher
  RSA_WITH_RC4_128_SHA             Accept RSA_WITH_RC4_128_SHA cipher

 

Is it supported?

Accepted Solutions

Kanwaljeet Singh
Cisco Employee

Hi Greg,

ACE doesn't support forward secrecy and there are no plans to. With A532, which was supposed to be the last ACE version to be released, I don't see this being implemented.

Regards,

Kanwal

Note: Please mark answers if they are helpful.
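
The mapping asked about in the question can be checked mechanically: in pre-TLS 1.3 suite names the part before `_WITH_` is the key exchange, and only ephemeral `DHE_`/`ECDHE_` key exchange provides forward secrecy. The script below is an added example, not part of the original thread and not Cisco code; the function names are illustrative, and the sample input is the `cipher ?` output quoted in the question.

```python
import re

# Constructed input: the ACE `cipher ?` help text quoted in the question,
# with the blank lines between entries removed.
ACE_CIPHER_HELP = """
  RSA_EXPORT1024_WITH_DES_CBC_SHA  Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher
  RSA_EXPORT1024_WITH_RC4_56_MD5   Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher
  RSA_EXPORT1024_WITH_RC4_56_SHA   Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher
  RSA_EXPORT_WITH_DES40_CBC_SHA    Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher
  RSA_EXPORT_WITH_RC4_40_MD5       Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher
  RSA_WITH_3DES_EDE_CBC_SHA        Accept RSA_WITH_3DES_EDE_CBC_SHA cipher
  RSA_WITH_AES_128_CBC_SHA         Accept RSA_WITH_AES_128_CBC_SHA cipher
  RSA_WITH_AES_128_CBC_SHA256      Accept RSA_WITH_AES_128_CBC_SHA256 cipher
  RSA_WITH_AES_256_CBC_SHA         Accept RSA_WITH_AES_256_CBC_SHA cipher
  RSA_WITH_DES_CBC_SHA             Accept RSA_WITH_DES_CBC_SHA cipher
  RSA_WITH_RC4_128_MD5             Accept RSA_WITH_RC4_128_MD5 cipher
  RSA_WITH_RC4_128_SHA             Accept RSA_WITH_RC4_128_SHA cipher
"""

# The forward-secret suites the question lists from the SSL Labs post.
WANTED = ["TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"]

# A suite name at the start of a line; prompt lines and descriptions do not match.
SUITE_RE = re.compile(r"^\s*((?:TLS_|SSL_)?[A-Z0-9_]+_WITH_[A-Z0-9_]+)\b", re.M)

def parse_cipher_help(text):
    """Return the suite name that starts each line of CLI help output."""
    return SUITE_RE.findall(text)

def key_exchange(suite):
    """Key-exchange part of a pre-TLS 1.3 suite name, e.g. 'ECDHE_RSA' or 'RSA'."""
    name = re.sub(r"^(TLS|SSL)_", "", suite)
    return name.split("_WITH_", 1)[0]

def is_forward_secret(suite):
    """Only ephemeral Diffie-Hellman key exchange (DHE_*, ECDHE_*) gives FS."""
    return key_exchange(suite).startswith(("DHE_", "ECDHE_"))

def fs_report(suites):
    """Split suite names into (forward_secret, not_forward_secret) lists."""
    fs = [s for s in suites if is_forward_secret(s)]
    return fs, [s for s in suites if s not in fs]

if __name__ == "__main__":
    fs, static = fs_report(parse_cipher_help(ACE_CIPHER_HELP))
    print(f"ACE offers {len(fs)} forward-secret suites, {len(static)} without FS")
```

Every suite in the ACE list uses plain RSA key exchange (`RSA`, `RSA_EXPORT`, `RSA_EXPORT1024`), so none of them matches the `ECDHE_RSA` suites listed in the question.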

Hi

Thank you for the post. Do you have a link or a document that refers to this? I can't find anything.

Regards
 

ACE 4710 & ACE30 don't support forward secrecy. However, there is one more release coming in late August - A5(3.3) which should plug some more SSL bugs.

Does the ACE 4710 A5(3.5) support FS (Forward Secrecy)?
Thanks a lot.