Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 69: Configuring SSL Settings
SSL
The adaptive security appliance uses the Secure Sockets Layer (SSL) protocol and its successor,
Transport Layer Security (TLS), to achieve secure message transmission for both ASDM and Clientless,
browser-based sessions. The SSL window lets you configure SSL versions for clients and servers and
encryption algorithms. It also lets you apply previously configured trustpoints to specific interfaces, and
configure a fallback trustpoint for interfaces that do not have an associated trustpoint.
Fields
• Server SSL Version—Choose to specify the SSL/TLS protocol version the adaptive security
appliance uses to negotiate as a server. You can make only one selection.
Options for Server SSL versions include the following:
    Any               The adaptive security appliance accepts SSL version 2 client hellos, and
                      negotiates either SSL version 3 or TLS version 1.
    Negotiate SSL V3  The adaptive security appliance accepts SSL version 2 client hellos, and
                      negotiates to SSL version 3.
    Negotiate TLS V1  The adaptive security appliance accepts SSL version 2 client hellos, and
                      negotiates to TLS version 1.
    SSL V3 Only       The security appliance accepts only SSL version 3 client hellos, and uses
                      only SSL version 3.
    TLS V1 Only       The security appliance accepts only TLSv1 client hellos, and uses only TLS
                      version 1.
Note: To use port forwarding for Clientless SSL VPN, you must select Any or Negotiate SSL V3. The issue is
that Java only negotiates SSLv3 in the client Hello packet when you launch the Port Forwarding
application.
• Client SSL Version—Choose to specify the SSL/TLS protocol version the adaptive security
appliance uses to negotiate as a client. You can make only one selection.
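The following added example (not part of the Cisco guide and not appliance code) models the Server SSL Version table in Python: it reads the format and offered version from a ClientHello and reports what each option would select, or that the hello is refused. The hello builders and sample bytes are constructed, and the selection rule (highest permitted version not above the client's offer, with record-format hellos accepted by every option) is an assumption drawn from the table's wording.

```python
import struct

SSL3, TLS1 = (3, 0), (3, 1)
# Table above: option -> (accepts SSLv2-format hello, versions it may negotiate)
SERVER_OPTIONS = {
    "Any":              (True,  [TLS1, SSL3]),
    "Negotiate SSL V3": (True,  [SSL3]),
    "Negotiate TLS V1": (True,  [TLS1]),
    "SSL V3 Only":      (False, [SSL3]),
    "TLS V1 Only":      (False, [TLS1]),
}

def parse_client_hello(data: bytes):
    """Return (hello_format, highest version offered) for a ClientHello."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 format: 2-byte length with high bit set, msg type 1, version
        return "sslv2", (data[3], data[4])
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSLv3/TLS record (type 22) carrying handshake type 1; client_version
        # follows the 5-byte record header and 4-byte handshake header
        return "record", (data[9], data[10])
    raise ValueError("not a ClientHello")

def server_outcome(option: str, data: bytes):
    """Version the modelled server selects, or None if the hello is refused."""
    accepts_v2, versions = SERVER_OPTIONS[option]
    fmt, offered = parse_client_hello(data)
    if fmt == "sslv2" and not accepts_v2:
        return None
    # Assumption: highest allowed version not above the client's offer wins.
    return next((v for v in versions if v <= offered), None)

def v2_hello(version):
    """Constructed SSLv2-format hello: one cipher spec, 16-byte challenge."""
    body = bytes([1, *version]) + struct.pack(">HHH", 3, 0, 16)
    body += b"\x00\x00\x0a" + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body

def record_hello(version):
    """Constructed SSLv3/TLS record-format hello with one cipher suite."""
    hs = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    hs = b"\x01" + len(hs).to_bytes(3, "big") + hs
    return b"\x16" + bytes(version) + struct.pack(">H", len(hs)) + hs

if __name__ == "__main__":
    for name, hello in [("v2/TLS1", v2_hello(TLS1)), ("v2/SSL3", v2_hello(SSL3)),
                        ("rec/TLS1", record_hello(TLS1))]:
        print(name, {opt: server_outcome(opt, hello) for opt in SERVER_OPTIONS})
```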