Cisco Support Community

New Member

ACE Remote Access with Strong Encryption

How can you force the ACE to use a strong cipher for remote management through an HTTPS session? After viewing an SSLScan of the admin interface, multiple 56- and 40-bit ciphers are being allowed...

sslscan --no-failed 10.10.10.10 | grep -i accepted
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
    Accepted  SSLv3  56 bits   DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-RC4-MD5

I have tried to create an SSL parameter map, but I don't know where to apply it for remote access.

Thanks,

Tim

2 REPLIES
Cisco Employee

Hi Tim,

The SSL parameter maps apply only to load-balanced connections. For management, the only thing you can do is enable/disable access. The cipher list cannot be modified.

I wish I could give you a more satisfactory answer.

Regards

Daniel

Hall of Fame Super Silver

This sounds like you are trying to verify and enforce security compliance based on a scan. Perhaps it would be acceptable to put an ACL on your management interface and then enforce use of strong ciphers on the client end (as opposed to the ACE end) with something like a GPO or manual configuration.
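Added example, not part of the thread or any poster's code: since the ACE management cipher list cannot be changed, a scan-based compliance check can at least record exactly which accepted suites fail policy and why. The sketch below parses `sslscan` "Accepted" lines in the format quoted in the question; the policy (128-bit minimum, no export, RC4, MD5 or DES/3DES suites) and the names `cipher_findings` and `audit` are assumptions for illustration.

```python
import re

# Constructed sample: the "Accepted" lines from the scan quoted in the question.
SAMPLE = """\
    Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
    Accepted  SSLv3  56 bits   DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-DES-CBC-SHA
    Accepted  SSLv3  40 bits   EXP-RC4-MD5
"""

# Captures protocol, key size and OpenSSL suite name; trailing columns are ignored.
LINE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)")

def cipher_findings(cipher, bits, min_bits=128):
    """Return the reasons a suite fails the assumed policy (empty list = passes)."""
    parts = cipher.split("-")  # OpenSSL suite names are dash-separated tokens
    checks = [
        (bits < min_bits, f"{bits}-bit key < {min_bits}"),
        (parts[0] == "EXP", "export-grade"),
        ("RC4" in parts, "RC4"),
        (parts[-1] == "MD5", "MD5 MAC"),
        ("DES" in parts, "DES/3DES (64-bit block)"),
    ]
    return [reason for hit, reason in checks if hit]

def audit(scan_output, min_bits=128):
    """Parse sslscan output; return (weak: {suite: reasons}, ok: [suites], protocols)."""
    weak, ok, protocols = {}, [], set()
    for line in scan_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip banners, rejected/failed lines, blank lines
        proto, bits, cipher = m.group(1), int(m.group(2)), m.group(3)
        protocols.add(proto)
        reasons = cipher_findings(cipher, bits, min_bits)
        if reasons:
            weak[cipher] = reasons
        else:
            ok.append(cipher)
    return weak, ok, protocols
```

On the sample, only `DHE-RSA-AES128-SHA` and `AES128-SHA` pass the assumed policy, which is the short list a client-side restriction such as the GPO suggested above would have to allow.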
