Cisco Cisco Web Security Appliance S380 Guida Utente

Appliance Management Web User Interface – Changing this setting will disconnect all active 
user connections.

Proxy Services – Includes HTTPS Proxy and Credential Encryption for Secure Client. This section 
also includes:

Cipher(s) to Use – You can enter additional cipher suites to be used with Proxy Services 
communications. Use colons (:) to separate the suites. To prevent use of a particular cipher, add an 
exclamation point (!) to the front of that string. For example, 

!EXP-DHE-RSA-DES-CBC-SHA

.

Be sure to enter only suites appropriate to the TLS/SSL versions you have checked.

Disable TLS Compression (Recommended) – You can check this box to disable TLS 
compression; this is recommended for best security.

Secure LDAP Services – Includes Authentication, External Authentication, SaaS SSO, and 
Secure Mobility.

Secure ICAP Services (External DLP) – Select the protocol(s) used to secure ICAP 
communications between the appliance and external DLP (data loss prevention) servers. See 

 for more information.

Update Service – Select the protocol(s) used for communications between the appliance and 
available update servers. See 

information about update services. 

Cisco’s Update servers do not support SSL v3, therefore TLS 1.0 or above must be enabled for 
the Cisco Update service. However, SSL v3 can still be used with a local update server, if it is 
so configured—you must determine which versions of SSL/TLS are supported on that server.

Click Submit.

You also can use the 

sslv3config

 CLI command to enable or disable these features. Further, you can 

use the 

sslconfig

 command, 

ECDHE

 option, to enable or disable ECDHE cipher use for LDAP services. 

The appliance uses digital certificates to establish, confirm and secure a variety of connections. The 
Certificate Management page lets you view and update current certificate lists, manage trusted root 
certificates, and view blocked certificates.