Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SGC SSL Cert on 11501 only doing 40 bit encryption

Dear Support,

Just received the official SSL cert from thawte, but it is only showing as 40 bit encryption not 128.

Can you help?

Thanks,

Adrian.

2 REPLIES
New Member

Re: SGC SSL Cert on 11501 only doing 40 bit encryption

fixed this myself, didn't have the matching cipher;

was;

ssl-server 20 cipher rsa-export-with-rc4-40-md5 192.168.68.174 8080 weight 5

now;

ssl-server 20 cipher rsa-with-rc4-128-md5 192.168.68.174 8080 weight 5

Should i be using the all-ciphers rather than restricting it just to 128bit?

thanks,

adrian

New Member

Re: SGC SSL Cert on 11501 only doing 40 bit encryption

'all-ciphers' will allow all encryption mechanisms including ones that essentially allow anonymous access. If the application transmits personal or sensitive information you probably don't want that.

If the web site has "international" customers then you need to specify at least some ciphers that have the word "export" in them. If the customer base you serve is US only, the one you are using is probably OK.

PS - you don't really need a weight unless you are specifying more than one cipher and want to have one preferred over the others. For example, you might prefer a 128 bit cipher but if the client is coming from a foreign country where the 128 is not available then allow an exportable cipher - which is not as strong.

150
Views
0
Helpful
2
Replies