05-08-2015 03:36 AM
Does the ACE 4710 support FS (Forward Secrecy)?
In respect of FS (Forward Secrecy) I found a nice link that discusses the cipher suites required to support this.
In a nutshell, these are some of the suites we might want to enable and push (close) to the top:
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
However, what I cannot see is how this maps to the supported suites on the ACE.
ACE-4710(config-parammap-ssl)# cipher ?
RSA_EXPORT1024_WITH_DES_CBC_SHA Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher
RSA_EXPORT1024_WITH_RC4_56_MD5 Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher
RSA_EXPORT1024_WITH_RC4_56_SHA Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher
RSA_EXPORT_WITH_DES40_CBC_SHA Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher
RSA_EXPORT_WITH_RC4_40_MD5 Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher
RSA_WITH_3DES_EDE_CBC_SHA Accept RSA_WITH_3DES_EDE_CBC_SHA cipher
RSA_WITH_AES_128_CBC_SHA Accept RSA_WITH_AES_128_CBC_SHA cipher
RSA_WITH_AES_128_CBC_SHA256 Accept RSA_WITH_AES_128_CBC_SHA256 cipher
RSA_WITH_AES_256_CBC_SHA Accept RSA_WITH_AES_256_CBC_SHA cipher
RSA_WITH_DES_CBC_SHA Accept RSA_WITH_DES_CBC_SHA cipher
RSA_WITH_RC4_128_MD5 Accept RSA_WITH_RC4_128_MD5 cipher
RSA_WITH_RC4_128_SHA Accept RSA_WITH_RC4_128_SHA cipher
Is it supported?
05-09-2015 03:25 PM
Hi Greg,
ACE doesn't support forward secrecy and there are no plans to. With A532, which was supposed to be the last ACE version to be released, I don't see this being implemented.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
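The mapping asked about in the question can be checked mechanically. The following is an added example, not part of the original thread or Cisco code: it parses the `cipher ?` help lines quoted above and reports which suites use an ephemeral key exchange. It assumes the ACE names are the standard suite names without the `TLS_` prefix; all function names are hypothetical.

```python
import re

# Help lines and wanted suites are copied from the question above.
ACE_HELP = """\
RSA_EXPORT1024_WITH_DES_CBC_SHA Accept RSA_EXPORT1024_WITH_DES_CBC_SHA cipher
RSA_EXPORT1024_WITH_RC4_56_MD5 Accept RSA_EXPORT1024_WITH_RC4_56_MD5 cipher
RSA_EXPORT1024_WITH_RC4_56_SHA Accept RSA_EXPORT1024_WITH_RC4_56_SHA cipher
RSA_EXPORT_WITH_DES40_CBC_SHA Accept RSA_EXPORT_WITH_DES40_CBC_SHA cipher
RSA_EXPORT_WITH_RC4_40_MD5 Accept RSA_EXPORT_WITH_RC4_40_MD5 cipher
RSA_WITH_3DES_EDE_CBC_SHA Accept RSA_WITH_3DES_EDE_CBC_SHA cipher
RSA_WITH_AES_128_CBC_SHA Accept RSA_WITH_AES_128_CBC_SHA cipher
RSA_WITH_AES_128_CBC_SHA256 Accept RSA_WITH_AES_128_CBC_SHA256 cipher
RSA_WITH_AES_256_CBC_SHA Accept RSA_WITH_AES_256_CBC_SHA cipher
RSA_WITH_DES_CBC_SHA Accept RSA_WITH_DES_CBC_SHA cipher
RSA_WITH_RC4_128_MD5 Accept RSA_WITH_RC4_128_MD5 cipher
RSA_WITH_RC4_128_SHA Accept RSA_WITH_RC4_128_SHA cipher
"""
WANTED = ["TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"]
HELP_LINE = re.compile(r"^\s*(\S+)\s+Accept\s+(\S+)\s+cipher\s*$")

def parse_suites(help_text):
    """Extract suite names from 'NAME Accept NAME cipher' help lines."""
    matches = (HELP_LINE.match(line) for line in help_text.splitlines())
    return [m.group(1) for m in matches if m and m.group(1) == m.group(2)]

def normalize(name):
    """Assumption: device names are the standard names minus the TLS_ prefix."""
    return name[4:] if name.startswith("TLS_") else name

def classify(name):
    """Split a suite into key exchange and cipher/MAC; flag FS and export grade."""
    kx, _, cipher = normalize(name).partition("_WITH_")
    return {"suite": normalize(name), "kx": kx, "cipher": cipher,
            # Only an ephemeral (EC)DH key exchange gives forward secrecy.
            "forward_secrecy": kx.split("_")[0] in ("ECDHE", "DHE"),
            "export_grade": "EXPORT" in kx}

def audit(help_text, wanted):
    """Compare the suites a device offers with the FS suites we want."""
    offered = [classify(s) for s in parse_suites(help_text)]
    names = {c["suite"] for c in offered}
    return {"offered": len(offered),
            "fs_offered": [c["suite"] for c in offered if c["forward_secrecy"]],
            "export_offered": [c["suite"] for c in offered if c["export_grade"]],
            "wanted_missing": [w for w in wanted if normalize(w) not in names],
            # Wanted suites whose cipher/MAC exists only under static RSA.
            "static_rsa_equivalents": [w for w in wanted
                                       if "RSA_WITH_" + classify(w)["cipher"] in names]}
```

Calling `audit(ACE_HELP, WANTED)` returns an empty `fs_offered` list: every listed suite uses static RSA key exchange, and each of the four wanted ECDHE suites has only a static-RSA counterpart with the same cipher and MAC.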
05-20-2015 02:21 AM
Hi
Thank you for the post. Do you have a link or a document that refers to this? I can't find anything.
Regards
08-07-2015 11:43 PM
ACE 4710 & ACE30 don't support forward secrecy. However, there is one more release coming in late August - A5(3.3) which should plug some more SSL bugs.
09-06-2017 05:44 AM