Cisco Cisco Email Security Appliance X1070 Guia De Resolução De Problemas
Alter the Methods and Ciphers Used with SSL/TLS
on the ESA
on the ESA
Document ID: 117855
Contributed by James Noad and Robert Sherwin, Cisco TAC Engineers.
Jan 07, 2016
Contents
Introduction
Alter the Methods and Ciphers Used with SSL/TLS
SSL Methods
SSL Ciphers
Alter the Methods and Ciphers Used with SSL/TLS
SSL Methods
SSL Ciphers
Introduction
This document describes how to alter the methods and ciphers that are used with Secure Socket Layer (SSL)
or Transport Layer Security (TLS) configurations on the Cisco Email Security Appliance (ESA).
or Transport Layer Security (TLS) configurations on the Cisco Email Security Appliance (ESA).
Alter the Methods and Ciphers Used with SSL/TLS
Note
: The SSL/TLS methods and ciphers should be set based on the specific security policies and preferences
of your company. For third-party information in regards to ciphers, refer to the Security/Server Side
TLS Mozilla document for recommended server configurations and detailed information.
TLS Mozilla document for recommended server configurations and detailed information.
With Cisco AsyncOS for Email Security, an administrator can use the sslconfig command in order to
configure the SSL or TLS protocols for the methods and ciphers that are used for GUI communication,
advertised for inbound connections, and requested for outbound connections:
configure the SSL or TLS protocols for the methods and ciphers that are used for GUI communication,
advertised for inbound connections, and requested for outbound connections:
esa.local>
sslconfig
sslconfig settings:
GUI HTTPS method: tlsv1/tlsv1.2
GUI HTTPS ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Inbound SMTP method: tlsv1/tlsv1.2
Inbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT