Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

sslconfig - Changing the cipher

Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else? (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.) Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

1 REPLY
Community Member

Re: sslconfig - Changing the cipher

This kb article may give some insight on how to best order your ciphers, but it appears that you want a balance between the most commonly implemented ciphers in the industry and speed/security.

How to configure which protocols and ciphers to select on an Email Security Appliance (ESA)

http://tinyurl.com/2z4bpx


Has anyone changed sslconfig Inbound/Outbound ciphers from the default (RC4-SHA:RC4-MD5:ALL) to something else?  (NOTE: We are looking to adding DHE-RSA-AES-256-SHA as our number 1 choice.)  Was there any added overhead when you made this change? If so how much?

Lastly, we have Preferred TLS set as the default connection type.

490
Views
0
Helpful
1
Replies
CreatePlease to create content