Cisco Email Security Appliance X1070 Troubleshooting Guide

Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
Configure
INBOUND - ESA acting as TLS server
Recommended sslconfig settings for INBOUND 
OUTBOUND - ESA acting as TLS client
Recommended sslconfig settings for OUTBOUND 
Related Information
Introduction
This document describes how to configure a preference for Perfect Forward Secrecy (PFS) in
Transport Layer Security (TLS) encrypted connections on the Email Security Appliance (ESA).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
SSL/TLS
Components Used
The information in this document is based on these software and hardware versions:
AsyncOS for Email version 9.6 and above
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Background Information
The ESA does offer Forward Secrecy (Perfect Forward Secrecy). Forward secrecy means that the
data is transferred over a channel protected by symmetric encryption whose keys come from ephemeral
secrets, so that even if the long-term private key of one or both hosts is compromised later, it is not
possible to decrypt a previously recorded session.
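The contrast described above, worked through in code as an added illustration (not Cisco code and not ESA configuration): two recorded sessions, one using static Diffie-Hellman (the long-term key is the key-exchange key) and one using ephemeral Diffie-Hellman (a fresh exponent per session, discarded afterwards). A passive recorder who later obtains Bob's long-term private key recovers the first session key but not the second. The group is generated at runtime and is far too small for real use; TLS uses standardised 2048-bit or larger groups or elliptic curves, and the certificate key signs the ephemeral value rather than being combined with it. Those simplifications are assumptions of this example.

```python
"""Forward secrecy illustrated: static vs ephemeral Diffie-Hellman (toy model)."""
import hashlib
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin after cheap trial division."""
    if n < 2:
        return False
    for sp in (2,) + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """p = 2q + 1 with p and q prime; g = 4 then generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def new_keypair(p, g=4):
    """Private exponent in [1, q-1], public value g^x mod p."""
    priv = secrets.randbelow((p - 1) // 2 - 1) + 1
    return priv, pow(g, priv, p)


def derive_key(shared_secret):
    """Session key = hash of the DH shared secret (stand-in for the TLS key schedule)."""
    raw = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"toy-pfs-demo" + raw).digest()


def static_dh_session(p, alice_long, bob_long):
    """Static DH: the long-term keys ARE the key-exchange keys (Kx=DH, no 'E')."""
    a_priv, a_pub = alice_long
    b_priv, b_pub = bob_long
    key_a = derive_key(pow(b_pub, a_priv, p))
    key_b = derive_key(pow(a_pub, b_priv, p))
    transcript = {"alice_pub": a_pub, "bob_pub": b_pub}  # what a passive recorder sees
    return key_a, key_b, transcript


def ephemeral_dh_session(p, alice_long, bob_long):
    """Ephemeral DH (DHE/ECDHE): fresh exponents per session, discarded afterwards.
    The long-term keys only vouch for the ephemeral values (signature omitted here)."""
    a_eph_priv, a_eph_pub = new_keypair(p)
    b_eph_priv, b_eph_pub = new_keypair(p)
    key_a = derive_key(pow(b_eph_pub, a_eph_priv, p))
    key_b = derive_key(pow(a_eph_pub, b_eph_priv, p))
    transcript = {"alice_eph_pub": a_eph_pub, "bob_eph_pub": b_eph_pub,
                  "alice_long_pub": alice_long[1], "bob_long_pub": bob_long[1]}
    del a_eph_priv, b_eph_priv  # neither the wire nor long-term storage retains them
    return key_a, key_b, transcript


def recover_static(p, transcript, bob_long_priv):
    """Recording plus Bob's compromised long-term key: Bob's side is simply recomputed."""
    return derive_key(pow(transcript["alice_pub"], bob_long_priv, p))


def recover_ephemeral(p, transcript, bob_long_priv):
    """Same recording, same compromised key: the long-term exponent never entered the
    secret, so the best available computation is unrelated to the session key."""
    return derive_key(pow(transcript["alice_eph_pub"], bob_long_priv, p))


def forward_secrecy_demo(bits=128):
    """Run both patterns and report whether a later key compromise exposes each session."""
    p = generate_safe_prime(bits)
    alice_long, bob_long = new_keypair(p), new_keypair(p)
    results = {}
    key_a, key_b, tr = static_dh_session(p, alice_long, bob_long)
    results["static"] = {"keys_match": key_a == key_b,
                         "recovered_after_compromise": recover_static(p, tr, bob_long[0]) == key_a}
    key_a, key_b, tr = ephemeral_dh_session(p, alice_long, bob_long)
    results["ephemeral"] = {"keys_match": key_a == key_b,
                            "recovered_after_compromise": recover_ephemeral(p, tr, bob_long[0]) == key_a}
    return results


if __name__ == "__main__":
    print(forward_secrecy_demo())
```

Running the block prints a dictionary in which both sessions establish matching keys, but only the static one is recoverable after the compromise; that difference is exactly what the `sslconfig` cipher preference for DHE/ECDHE suites buys on the ESA.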
The secret is not transferred through the channel, instead the shared secret is derived using a