1.7.2 Ensure 'TLS 1.0' is set for HTTPS access

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Set the SSL server version to TLS 1.0.

Rationale:

Because the network may be prone to sniffing, HTTP access to the security appliance must be secured with the SSL or TLS protocols. The latest version of SSL, SSL v3, is now subject to many vulnerabilities, so systems should use at least TLS 1.0 as the SSL server version.

Solution

For version 8.x, run the following command to enable the AES 256 algorithm:

hostname(config)# ssl encryption aes256-sha1

For version 9.x, run the following command to enable the AES 256 algorithm:

hostname(config)# ssl cipher tlsv1 custom AES256-SHA
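
As an added example (not part of the benchmark or the audit file), this Python check reads a saved running configuration and reports whether it carries the command given above for its major version. The function name, the sample configurations, the multi-cipher 8.x line and the quoted, colon-separated 9.x string are assumptions made for illustration.

```python
import re

# Major version -> (pattern capturing the cipher list, list separator, expected ciphers).
# Expected values are the ones in the Solution text, lower-cased for comparison.
RULES = {
    8: (r'^[ \t]*ssl[ \t]+encryption[ \t]+(.+?)[ \t]*$', None, {'aes256-sha1'}),
    9: (r'^[ \t]*ssl[ \t]+cipher[ \t]+tlsv1[ \t]+custom[ \t]+"?([^"\n]+?)"?[ \t]*$',
        ':', {'aes256-sha'}),
}

def audit_ssl(running_config, major_version):
    """Return (compliant, ciphers_found, reason) for one saved configuration."""
    pattern, separator, expected = RULES[major_version]
    matches = re.findall(pattern, running_config, re.IGNORECASE | re.MULTILINE)
    if not matches:
        return (False, [], 'no matching ssl line in configuration')
    # If the file carries more than one matching line, judge the last one.
    ciphers = [c.lower() for c in matches[-1].split(separator) if c]
    if set(ciphers) == expected:
        return (True, ciphers, 'only the expected cipher is enabled')
    extra = [c for c in ciphers if c not in expected]
    return (False, ciphers, 'additional ciphers enabled: ' + ', '.join(extra))

# Constructed sample configurations (not taken from a real device).
SAMPLE_8X_OK = 'hostname fw1\nssl encryption aes256-sha1\n'
SAMPLE_8X_WEAK = 'ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1\n'
SAMPLE_9X_OK = 'ssl cipher tlsv1 custom "AES256-SHA"\n'
SAMPLE_9X_MIXED = 'ssl cipher tlsv1 custom "AES256-SHA:DES-CBC3-SHA"\n'

if __name__ == '__main__':
    for name, cfg, ver in [('8.x ok', SAMPLE_8X_OK, 8), ('8.x weak', SAMPLE_8X_WEAK, 8),
                           ('9.x ok', SAMPLE_9X_OK, 9), ('9.x mixed', SAMPLE_9X_MIXED, 9)]:
        print(name, audit_ssl(cfg, ver))
```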

See Also

https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf