Cisco Cisco Web Security Appliance S690 릴리즈 노트
3
Release Notes for Cisco IronPort AsyncOS 7.7.0 for Web (All Builds After Build 725)
7.7.0
Upgrade Paths
Upgrade Paths
•
•
•
•
Upgrading to Release 7.7.0-761 (GD - General Deployment)
Note
For S380 and S680 hardware only: At least one fix in this release also requires a RAID firmware
upgrade. For details, see
upgrade. For details, see
To ensure a successful upgrade, prepare for the upgrade process as described in
and
.
You can upgrade to release 7.7.0-761 from the following versions:
Certificate Trust
Store
Management
Store
Management
Greater management control of certificates and certificate authorities. View all of
the Cisco-bundled certificates, remove trust of any Cisco-trusted root certificate
authorities, and view the Cisco-published blacklist. This will provide more
flexibility in making your own decisions with regards to acceptable and
unacceptable certificates used by the WSA.
the Cisco-bundled certificates, remove trust of any Cisco-trusted root certificate
authorities, and view the Cisco-published blacklist. This will provide more
flexibility in making your own decisions with regards to acceptable and
unacceptable certificates used by the WSA.
Within the Web UI, import your own trusted certificates and add them to the trusted
root certificate list. View current Cisco-trusted root certificates and select an option
to override each individual certificate, removing trust by the WSA for that
certificate. View Cisco’s intermediate certificate blacklist. Due to real-life
incidents where certain intermediate CA's were compromised, the WSA was given
a hard-coded list of blacklisted intermediate certificates that was previously
transparent to administrators. This now becomes a viewable list. See Adding
Certificates to the Trusted List and Removing Certificates from the Trusted List in
the user guide or online help.
root certificate list. View current Cisco-trusted root certificates and select an option
to override each individual certificate, removing trust by the WSA for that
certificate. View Cisco’s intermediate certificate blacklist. Due to real-life
incidents where certain intermediate CA's were compromised, the WSA was given
a hard-coded list of blacklisted intermediate certificates that was previously
transparent to administrators. This now becomes a viewable list. See Adding
Certificates to the Trusted List and Removing Certificates from the Trusted List in
the user guide or online help.
Encrypted
Private Keys
Private Keys
Use encrypted, password-protected private keys. Upload encrypted private keys
and provide a password for the WSA to decrypt them. The WSA then stores these
private keys by obfuscating/encrypting them with a password that is unknown to the
user. When configurations are exported to a file, private keys remain obfuscated and
unreadable to the user. The WSA can decrypt them when the configuration is
loaded onto a WSA. See Uploading a Root Certificate and Key in the user guide or
online help.
and provide a password for the WSA to decrypt them. The WSA then stores these
private keys by obfuscating/encrypting them with a password that is unknown to the
user. When configurations are exported to a file, private keys remain obfuscated and
unreadable to the user. The WSA can decrypt them when the configuration is
loaded onto a WSA. See Uploading a Root Certificate and Key in the user guide or
online help.
Enhancements
SNI extension for
Transparent SSL
Handshake
Transparent SSL
Handshake
Access the Server Name Indication (SNI) extension to parse the destination server
name. This is useful when making requests to virtual servers hosting multiple
HTTPS websites such as youtube.com and google.com.
name. This is useful when making requests to virtual servers hosting multiple
HTTPS websites such as youtube.com and google.com.
[Defect Number: 74969, CSCzv50011]
Feature
Description