Cisco Web Security Appliance S390
Release Notes for Cisco AsyncOS 8.0.8 for Web
New Features in This Release
New Features in Release 8.0.8 (GD)
Primary changes in this release are related to disabling and enabling SSLv3 and elliptic-curve
Diffie-Hellman ephemeral (ECDHE) features.
Note
Please use the
, in conjunction with this release.
New Features in Release 8.0.7
This is a maintenance release; no new features were added.
Feature Description
SSL configuration
For enhanced security, you can enable and disable SSLv3 for several
services. Services with SSLv3 disabled will use TLSv1.0.
You can enable and disable SSLv3 for Appliance Management Web User
Interface, Proxy Services (includes HTTPS Proxy and Credential
Encryption for Secure Client), Secure LDAP Services (includes
Authentication, External Authentication, SaaS SSO, and Secure Mobility),
as well as the Update Service.
Use the Web interface (System Administration > SSL Configuration), or the
CLI (sslconfig).
ECDHE authentication
Additional ECDH ciphers are supported in successive releases; however,
certain named curves provided with some of the additional ciphers cause
the appliance to close a connection during secure LDAP authentication and
HTTPS traffic decryption.
If you experience these issues, use the ECDHE option of the sslconfig
command to disable or enable ECDHE cipher use for either or both features.
Here is a snippet of the CLI for this:
Choose the operation you want to perform:
- SSLV3 - Enable or disable SSL v3.
- ECDHE - Enable or disable ECDHE Authentication.
[]> ECDHE
ECDHE cipher status is enabled in Proxy & enabled in LDAP
Please select an option to change ECDHE cipher status:
- 1 - Toggle ECDHE cipher status in Proxy
- 2 - Toggle ECDHE cipher status in LDAP
- 3 - Enable ECDHE cipher in both Proxy & LDAP
- 4 - Disable ECDHE cipher in both Proxy & LDAP
[]>
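
To confirm from a client that an SSLv3 or ECDHE change made with sslconfig took effect, the following added example (not part of the release notes and not Cisco code) classifies the output of openssl s_client. It assumes OpenSSL is installed on the admin workstation; the host and port in the usage comments are placeholders, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not Cisco code): client-side check of sslconfig settings.

# Read `openssl s_client` output on stdin and print the handshake result:
#   refused          no cipher suite was negotiated
#   ecdhe <cipher>   an ECDHE suite was negotiated
#   other <cipher>   a non-ECDHE suite was negotiated
classify_handshake() (
    # s_client summarises the handshake as "... Cipher is <NAME>".
    cipher=$(sed -n 's/.*Cipher is \([^ ]*\).*/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)") echo "refused" ;;
        ECDHE-*)     echo "ecdhe $cipher" ;;
        *)           echo "other $cipher" ;;
    esac
)

# probe <host:port> [s_client options...]
# Runs one handshake attempt and classifies it.
probe() (
    target=$1; shift
    openssl s_client -connect "$target" "$@" </dev/null 2>&1 | classify_handshake
)

# Constructed sample s_client summary lines (not captured from an appliance).
SAMPLE_ECDHE='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA'
SAMPLE_RSA='New, TLSv1/SSLv3, Cipher is AES256-SHA'
SAMPLE_REFUSED='New, (NONE), Cipher is (NONE)'

# Usage (wsa.example.com:8443 is a placeholder for the service you changed):
#   probe wsa.example.com:8443 -tls1 -cipher ECDHE   # offer only ECDHE suites
#   probe wsa.example.com:8443 -ssl3                 # offer only SSLv3
```

With SSLv3 disabled for a service, the -ssl3 probe should report refused; with ECDHE disabled, the ECDHE-only probe should report refused. A refused result is meaningful only if the local OpenSSL build still supports the requested protocol, since many builds omit SSLv3 or reject TLSv1.0 by default.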