I've made this change and the TLS connections that were failing are now succeeding. Thank you.
Can you expand further on what this change is doing?
Prior to the change TLS connections using DHE-RSA-AES256-SHA were succeeding and that's what this server is using.
Also, we are not running in FIPS mode as of yet but will be attempting to enable it soon, I see in the documentation where if FIPS is enabled I can no longer modify sslconfig settings... Will manually changing this impact my ability to enable FIPS mode?
his config is used to prevent null and anonymous ciphers from negotiating . You can apply this to the outbound or inbound cipher list. However, the workaround for this issue can be accomplished by simply denying these two specific ciphers.
If you also want to block null and anonymous ciphers and stick with ciphers above 128 bits , you can use this format.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...