Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Recommendation VPN SSL without encryption RC4

Hi

Actually I´m using Annyconnect in ASA with SSL RC4 Cipher Suites Supported, by vulnerability it is recommended to use encryption without RC4.

The question is the next, there is a document that show the best practice or recommendations to do that?, I don´t know if there is an impact in this change or if this is supported in the code.

Regards

Ricardo

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Recommendation VPN SSL without encryption RC4

Ricardo,

The recommendations:

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#15

The impact is typically two fold:

- Will all the clients/browsers support new ciphers

- How much computational overhead will be introduced.

ASA side there's a crypto chip which is quite efficent at handling crypto in general.

If your clients support it look into enabling DHE based ciphers.

I do not think there is one big best practices doc avilable, one needs to know a bit more about the environment.

M.

2 REPLIES
Cisco Employee

Recommendation VPN SSL without encryption RC4

Ricardo,

The recommendations:

http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html#15

The impact is typically two fold:

- Will all the clients/browsers support new ciphers

- How much computational overhead will be introduced.

ASA side there's a crypto chip which is quite efficent at handling crypto in general.

If your clients support it look into enabling DHE based ciphers.

I do not think there is one big best practices doc avilable, one needs to know a bit more about the environment.

M.

New Member

Recommendation VPN SSL without encryption RC4

Marcin

We chance the encryption to aes128-sha1 and is operating correctly.

Thanks for your help

regards


1393
Views
0
Helpful
2
Replies
CreatePlease to create content