Information
Enable and disable TLS versions and cipher suites for more granular control of SSL VPN connections and to enforce more secure connections.
Rationale:
Limiting TLS versions to more secure versions as well as enforcing stronger ciphers increases the security of the SSL VPN connections.
Solution
CLI:
config vpn ssl settings
    set ssl-max-proto-ver tls1-3
    set ssl-min-proto-ver tls1-2
    set algorithm high
end
Default Value:
ssl-max-proto-ver : tls1-3
ssl-min-proto-ver : tls1-2
algorithm : high
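Added example (not part of the original benchmark text and not Fortinet tooling): a Python check that reads a saved FortiGate configuration and reports where config vpn ssl settings departs from the values in the Solution. It assumes a setting missing from the backup is at the default listed on this page and that a minimum of tls1-3 also satisfies the item; SAMPLE and the function names are constructed for illustration.

```python
# Added example, not Fortinet or CIS code. Required values come from this page.
REQUIRED = {"ssl-min-proto-ver": "tls1-2", "ssl-max-proto-ver": "tls1-3",
            "algorithm": "high"}

# Constructed sample backup fragment (not from a real device).
SAMPLE = """\
config vpn ssl settings
    set ssl-min-proto-ver tls1-1
    set algorithm medium
    config authentication-rule
        edit 1
            set groups "vpn-users"
        next
    end
end
"""


def parse_ssl_settings(config_text):
    """Collect top-level 'set' pairs from 'config vpn ssl settings'."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        words = raw.split() or [""]
        if not inside:
            inside = words == ["config", "vpn", "ssl", "settings"]
        elif words[0] == "config":
            depth += 1  # nested table such as authentication-rule
        elif words[0] == "end":
            if depth == 0:
                break  # end of the ssl settings block
            depth -= 1
        elif words[0] == "set" and depth == 0 and len(words) >= 3:
            settings[words[1]] = words[2].strip('"')
    return settings


def audit(config_text):
    """Return findings; an empty list means the item passes."""
    found, findings = parse_ssl_settings(config_text), []
    for key, want in REQUIRED.items():
        # Assumption: an absent key is at the default listed on this page.
        have = found.get(key, want)
        # Assumption: raising the minimum to tls1-3 is stricter and also passes.
        floor_ok = key == "ssl-min-proto-ver" and have == "tls1-3"
        if have != want and not floor_ok:
            findings.append(f"{key}: found {have}, expected {want}")
    return findings
```

Calling audit(SAMPLE) returns two findings, one for the tls1-1 minimum and one for the medium algorithm.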
Item Details
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, CSCv7|5.1, CSCv7|11.1
Control ID: 779e0ccea22c7e7cc740354ee9cc75ce6eb18abd4896f7a27f2497db298e1031