Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 34  System Administration
Changing Network Settings
Configuring SSL Settings
You can configure the SSL settings for the appliance using the SSL Configuration Settings page or the sslconfig command.
Procedure
Step 1  Click System Administration > SSL Configuration Settings.
Step 2  Click Edit Settings.
Step 3  Depending on your requirements, do the following:
  • Set GUI HTTPS SSL settings. Under GUI HTTPS, specify the SSL methods and ciphers that you want to use.
  • Set Inbound SMTP SSL settings. Under Inbound SMTP, specify the SSL methods and ciphers that you want to use.
  • Set Outbound SMTP SSL settings. Under Outbound SMTP, specify the SSL methods and ciphers that you want to use.
  Keep in mind that:
  • In non-FIPS mode, you cannot enable SSL v2 and TLS v1 methods simultaneously. However, you can enable these methods in conjunction with SSL v3 method.
  • In FIPS mode, you cannot use the SSL methods (SSL v2 and SSL v3).
  • In FIPS and non-FIPS mode, you cannot enable TLS v1.0 and v1.1 methods simultaneously. However, you can enable these methods in conjunction with TLS v1.2 method.
Step 4  Click Submit.
Step 5  Click Commit Changes.
Disabling SSLv3 for Enhanced Security
For enhanced security, you can disable SSLv3 for the following services:
  • Updater
  • URL Filtering
  • End User Quarantine
  • LDAP
Use the sslv3config command in the CLI to enable or disable SSLv3 for the above services. The following example shows how to disable SSLv3 for End User Quarantine.
mail.example.com> sslv3config
     Current SSLv3 Settings:
     --------------------------------------------------
                  UPDATER     :     Enabled
              WEBSECURITY     :     Enabled
                      EUQ     :     Enabled
                     LDAP     :     Enabled
     --------------------------------------------------
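
The status table above can be checked automatically across appliances. The following Python code is an added example, not part of the Cisco guide: it parses a captured sslv3config transcript and reports services where SSLv3 is still enabled or whose state is missing from the output. The "Disabled" wording, the pairing of WEBSECURITY with URL Filtering, and the function names are assumptions.

```python
import re

# Labels as printed by sslv3config on this page, mapped to the services the
# guide lists. Pairing WEBSECURITY with URL Filtering is an assumption.
SERVICES = {"UPDATER": "Updater", "WEBSECURITY": "URL Filtering",
            "EUQ": "End User Quarantine", "LDAP": "LDAP"}
# "Disabled" is assumed wording; the page shows only "Enabled" rows.
ROW = re.compile(r"^\s*([A-Z]+)\s*:\s*(Enabled|Disabled)\s*$")

def parse_sslv3_settings(transcript):
    """Return {label: bool} from the last 'Current SSLv3 Settings' table."""
    settings, in_table = {}, False
    for line in transcript.splitlines():
        if "Current SSLv3 Settings" in line:
            settings, in_table = {}, True   # a later table replaces an earlier one
            continue
        m = ROW.match(line) if in_table else None
        if m and m.group(1) in SERVICES:
            settings[m.group(1)] = m.group(2) == "Enabled"
    return settings

def audit(transcript):
    """Findings: services with SSLv3 enabled, or whose state is missing."""
    settings = parse_sslv3_settings(transcript)
    findings = []
    for label, name in SERVICES.items():
        if label not in settings:
            findings.append(f"{name}: state not found in output")
        elif settings[label]:
            findings.append(f"{name}: SSLv3 enabled")
    return findings

# Constructed transcript in the layout shown on this page (values made up).
SAMPLE = """\
mail.example.com> sslv3config
     Current SSLv3 Settings:
     --------------------------------------------------
                  UPDATER     :     Enabled
              WEBSECURITY     :     Disabled
                      EUQ     :     Disabled
     --------------------------------------------------
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "SSLv3 disabled for all four services")
```

A service missing from the table is reported rather than treated as disabled, so a truncated capture does not pass the check.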