Conditions: The default configuration of SSL on all versions of the ASA enables SSLv3. Due to CSCug51375, the ASA is unable to disable SSLv3 on ASA v9.0.x and v9.1.1.x.
To see the SSL configuration: show run all ssl
Default configuration of the ASA: ssl client-version any ssl server-version any
The following non-default configuration values also enable SSLv3: ssl client-version sslv3-only ssl client-version salve ssl server-version sslv3-only ssl server-version sslv3
The following versions are vulnerable regardless of ssl configuration: * 9.0.x * 9.1.1.x
Workaround: Disable SSLv3, write the changes to the startup-config.
This workaround only applies to the following versions: * 7.x and later * 8.2 and later * 8.3 and later * 8.4 and later * 8.5 and later * 8.6 and later * 8.7 and later * 9.1.2 and later (with CSCug51375 fix) * 9.2.1 and later (with CSCug51375 fix) * 9.3.1 and later
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...