Cisco Email Security Appliance X1070 Troubleshooting Guide

• Cisco bug ID CSCur27340 - SSL Version 3.0 POODLE Attack on the Cisco Ironport Encryption Appliance (CVE-2014-3566)
In non-FIPS (Federal Information Processing Standards) mode, SSL Version 3.0 is enabled in the default
settings. In FIPS mode, SSL Version 3.0 is disabled by default. To check whether FIPS mode is enabled,
enter:
CLI> fipsconfig
FIPS mode is currently disabled.
When FIPS mode is disabled, check if SSL Version 3.0 is enabled in the sslconfig settings. When sslv3 is
listed as the method, SSL Version 3.0 is enabled. Change this to TLS Version 1 in order to disable SSL
Version 3.0.
CLI> sslconfig
sslconfig settings:
  GUI HTTPS method:  sslv3tlsv1
  GUI HTTPS ciphers: <cipher list>
  Inbound SMTP method:  sslv3tlsv1
  Inbound SMTP ciphers: <cipher list>
  Outbound SMTP method:  sslv3tlsv1
  Outbound SMTP ciphers: <cipher list>
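The check described above can be scripted against saved `sslconfig` output. This is an added example, not part of the Cisco document: the function names are hypothetical, the sample text is constructed to mirror the GUI change in this guide, and the `sslv2` token is an assumption (only `sslv3tlsv1` and `tlsv1` appear here).

```python
import re

# Matches lines such as "  Inbound SMTP method:  sslv3tlsv1"
METHOD_LINE = re.compile(r"^\s*(?P<service>.+?)\s+method:\s*(?P<method>\S+)\s*$")
# Protocol tokens as they appear concatenated in the method value.
# "sslv2" is an assumed token; the guide only shows sslv3tlsv1 and tlsv1.
TOKEN = re.compile(r"sslv2|sslv3|tlsv1")


def parse_methods(text):
    """Return {service: [protocol tokens]} from saved sslconfig output.

    A capture often holds several settings blocks (before and after an
    edit); the last value seen for each service wins.
    """
    methods = {}
    for line in text.splitlines():
        m = METHOD_LINE.match(line)
        if m:
            methods[m.group("service")] = TOKEN.findall(m.group("method"))
    return methods


def services_allowing_ssl(text):
    """List services whose method still includes an SSL (non-TLS) version."""
    return sorted(
        service
        for service, protos in parse_methods(text).items()
        if any(p.startswith("sslv") for p in protos)
    )


# Constructed sample: settings before and after changing only the GUI method.
SAMPLE = """\
sslconfig settings:
  GUI HTTPS method:  sslv3tlsv1
  Inbound SMTP method:  sslv3tlsv1
  Outbound SMTP method:  sslv3tlsv1
[5]> 3
sslconfig settings:
  GUI HTTPS method:  tlsv1
  Inbound SMTP method:  sslv3tlsv1
  Outbound SMTP method:  sslv3tlsv1
"""

if __name__ == "__main__":
    for name in services_allowing_ssl(SAMPLE):
        print(f"{name}: SSL still enabled, set method to tlsv1")
```
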
example.com> sslconfig
sslconfig settings:
  GUI HTTPS method:  sslv3tlsv1
  GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
  Inbound SMTP method:  sslv3tlsv1
  Inbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
  Outbound SMTP method:  sslv3tlsv1
  Outbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.
- VERIFY - Verify and show ssl cipher list.
[]> GUI
Enter the GUI HTTPS ssl method you want to use.
1. SSL v2.
2. SSL v3
3. TLS v1
4. SSL v2 and v3
5. SSL v3 and TLS v1
6. SSL v2, v3 and TLS v1
[5]> 3
Enter the GUI HTTPS ssl cipher you want to use.
[RC4-SHA:RC4-MD5:ALL]>
sslconfig settings:
  GUI HTTPS method:  tlsv1
  GUI HTTPS ciphers: RC4-SHA:RC4-MD5:ALL
  Inbound SMTP method:  sslv3tlsv1
  Inbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
  Outbound SMTP method:  sslv3tlsv1
  Outbound SMTP ciphers: RC4-SHA:RC4-MD5:ALL
Choose the operation you want to perform:
- GUI - Edit GUI HTTPS ssl settings.
- INBOUND - Edit Inbound SMTP ssl settings.
- OUTBOUND - Edit Outbound SMTP ssl settings.